The ASD just released its Annual Cyber Threat Report and some of the incidents outlined were the result of exploiting public-facing applications and compromised accounts or credentials. Please find further comments below from Satnam Narang, sr. staff research engineer, Tenable.
“The Annual Cyber Threat Report from the ASD’s ACSC provides insights into the real-life cybersecurity incidents that affect organisations. These underscore much of the advice that cybersecurity companies and practitioners have been echoing for years now and can have a direct and positive impact on an organisation’s security posture.
“The Annual Cyber Threat Report found that 30% of incidents involving federal and state governments (categorised as C3 incidents) were the result of exploiting public-facing applications. This has been one of the most consistent areas we see threat actors setting their sights on. In some cases, these applications are required to be public-facing and can expose organisations to immense risk due to the prevalence of known vulnerabilities. Advanced persistent threat (APT) groups further compound this risk by leveraging zero-days. In other instances, misconfigurations or a lack of understanding of how such applications should be secured leave organisations unknowingly vulnerable.
“In addition to targeting vulnerabilities in public-facing applications, compromised accounts or credentials accounted for 23% of C3 incidents. Identity-based attacks are another area of interest for cybercriminals driven by weak passwords, lack of phishing-resistant multifactor authentication (MFA), or inactive accounts for individuals or services left on systems. Threat actors are actively seeking out ways to breach organisations by breaking down the proverbial front door. For attackers, the mentality of adapt or die is clearly on display when looking at the data over the last year, because in FY2022-23, the focus was less on targeting accounts and credentials and more on the networks and infrastructure.
“These types of reports are paramount because they shine a light in the darkness of the cybercrime ecosystem, revealing the how, which helps defenders prepare for and can help to ensure organisations are making informed decisions to address their cyber risk.” — Satnam Narang, sr. staff research engineer, Tenable