Risk grows as multi-vector attacks become the norm
More vectors increase the odds
When attackers target more than one attack surface or vector at a time, their chances of successful entry improve dramatically.
Historically, these ‘multi-vector’ attacks — network infiltration attempts via multiple points of compromise — were only used by the most sophisticated, well-financed attackers. But that’s starting to change. Today, it’s becoming more common for attackers to employ multiple tactics in tandem — sometimes to pressure-test various defenses, sometimes to exploit subtle security gaps, and sometimes just to overwhelm an organization’s ability to respond.
The increasing frequency of multi-vector attacks is driving the need for a more integrated and streamlined security approach — one that reduces the number of niche, stand-alone security services an organization has to operate and reconcile.
Why do attackers target multiple vectors in this manner?
Exploiting two (or more) attack vectors increases the attack’s success rate. If the attack involves targeting multiple entry points into a network — e.g. using email phishing, voice phishing, and exploiting a VPN vulnerability — only one of these attempts has to work for the overall attack to succeed. Phishing is a common component of multi-vector attacks for this very reason — it often exploits human error rather than software flaws, making it hard to stop.
Unfortunately, the rise in hybrid work makes such attacks more likely to succeed. A well-documented rise in bring-your-own-device (BYOD) environments — along with increasing reliance on public cloud, SaaS applications, and untrusted wireless networks — has eroded longstanding network perimeters. A greater range of less trusted identities and devices accessing sensitive data stored and shared across the Internet introduces far more potential entry points while simultaneously reducing visibility and control for the security team.
Small wonder, then, that ransomware set records in 2021, and there were 338.4 million ransomware attempts in the first three quarters of 2022.
Sophistication not required
Organizations of sufficient size and complexity have a number of possible attack vectors — paths or means by which attackers can access a network or device. The freely available MITRE ATT&CK matrix provides a detailed catalog of the tactics and techniques attackers use against these vectors, and is a useful reference for mapping which of them a given defense actually covers.
Recent examples show that attackers are combining vectors over the course of a single campaign. In 2022, a group known as 0ktapus used a combination of SMS phishing and background downloading of remote access malware to target over 160 organizations — many of which were compromised to varying degrees. Crucially, an independent analysis of the attack indicated that the attackers were relatively inexperienced — a far cry from the sophistication often expected with multi-vector attacks.
Similarly, a recent spate of Royal ransomware attacks used a combination of phishing, Remote Desktop Protocol (RDP) compromise, and malware downloads to target critical infrastructure organizations. And the widespread Log4j vulnerability offered attackers the opportunity to combine a compromised software dependency (a supply chain vector) with several other vectors.
Challenges of mitigating multi-vector attacks
Multi-vector attacks on corporate networks can be difficult to stop for many reasons. One is the ongoing prevalence of perimeter-based security policies. If an attacker exploits one vector to access an organization’s VPN, for example, they may have unfettered access to the entire network.
Limited staff and resources have surfaced as another common problem. Many organizations are struggling to staff up their security team and may not have the budget needed to outsource unmet jobs to managed service providers. Most have employed traditional defenses for decades, but today those defenses are stretched thin by the increase in hybrid work and hybrid cloud — two phenomena that on-premises firewalls, gateways, and even point cloud security solutions were never designed to protect.
Firewalls and gateways guarding the network perimeter are insufficient when attackers target personal devices or cloud deployments, and particularly when they are already inside the network — which is far too often the case. A complex, fragmented security stack built from non-interoperable point products — even best-of-breed ones — may have gaps that the security team is not aware of. In addition, when one point product does detect malicious activity, it cannot automatically inform the other tools; each one raises its own alert in isolation, so a single campaign shows up as several unrelated alerts, which drives up alert volume and the accompanying alert fatigue. Reconstructing the campaign then falls to an analyst who has to notice that a phishing alert, a suspicious VPN login, and an endpoint detection all concern the same user.
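The correlation step that isolated point products leave to the analyst can be automated once their alerts are normalized. The script below is an added example written for this article; it is not code from the original page or from Cloudflare. It assumes a constructed, normalized alert shape (source tool, attack vector, principal, host, timestamp) and that alerts touching the same principal within a time window, spanning two or more distinct vectors, should be escalated as one incident. All tool names, users, hosts and timestamps are made up.

```python
"""Correlate alerts from separate point products into one multi-vector incident.

Added example (not from the original article or Cloudflare). Assumes each tool
emits a normalized Alert; tool names, principals, hosts and times are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Alert:
    ts: datetime
    source: str      # point product that raised the alert (constructed names)
    vector: str      # attack vector the alert relates to
    principal: str   # user account involved
    host: str
    detail: str


# Constructed sample alerts from three independent tools; none of them shares
# state with the others, so each line is a separate, unrelated alert as raised.
SAMPLE_ALERTS = [
    Alert(datetime(2023, 3, 1, 9, 2), "email-gw", "phishing", "alice", "wks-17", "credential-harvest link clicked"),
    Alert(datetime(2023, 3, 1, 9, 40), "vpn", "remote-access", "alice", "vpn-gw", "login from new country"),
    Alert(datetime(2023, 3, 1, 10, 5), "edr", "malware", "alice", "wks-17", "remote access tool installed"),
    Alert(datetime(2023, 3, 1, 11, 0), "email-gw", "phishing", "bob", "wks-22", "credential-harvest link clicked"),
    Alert(datetime(2023, 3, 2, 8, 0), "edr", "malware", "bob", "wks-22", "macro spawned powershell"),  # 21h later
    Alert(datetime(2023, 3, 1, 9, 30), "edr", "malware", "carol", "wks-03", "unsigned binary blocked"),
]

WINDOW = timedelta(hours=4)   # how close in time alerts must be to be linked
MIN_VECTORS = 2               # distinct vectors needed to call it multi-vector


def correlate(alerts: List[Alert], window: timedelta = WINDOW,
              min_vectors: int = MIN_VECTORS) -> Dict[str, List[Alert]]:
    """Group alerts by principal and slide a time window over each group.

    Returns {principal: alerts} for the window that covers the most distinct
    vectors (ties broken by more alerts), only where that count reaches
    min_vectors. Principals whose alerts stay single-vector, or are spread
    further apart than the window, are left out.
    """
    by_principal: Dict[str, List[Alert]] = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.ts):
        by_principal[a.principal].append(a)

    incidents: Dict[str, List[Alert]] = {}
    for principal, group in by_principal.items():
        best: Optional[List[Alert]] = None
        best_key = (0, 0)
        start = 0
        for end in range(len(group)):
            # Shrink the window from the left until it fits within `window`.
            while group[end].ts - group[start].ts > window:
                start += 1
            span = group[start:end + 1]
            key = (len({a.vector for a in span}), len(span))
            if key[0] >= min_vectors and key > best_key:
                best, best_key = span, key
        if best is not None:
            incidents[principal] = best
    return incidents


def summarize(incidents: Dict[str, List[Alert]]) -> List[str]:
    """One escalation line per correlated incident, listing the tools involved."""
    lines = []
    for principal, span in incidents.items():
        vectors = sorted({a.vector for a in span})
        sources = sorted({a.source for a in span})
        lines.append(f"{principal}: {len(span)} alerts, vectors={vectors}, sources={sources}")
    return lines


if __name__ == "__main__":
    for line in summarize(correlate(SAMPLE_ALERTS)):
        print(line)
```

With the constructed data, alice's phishing, VPN and EDR alerts fall within four hours of each other and collapse into one three-vector incident; bob's two alerts are 21 hours apart and stay separate unless the window is widened; carol's single EDR alert is never escalated on its own. The window and vector threshold are the tuning knobs a team would adjust against its own false-positive rate.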
The push for cloud-native, platform-driven threat defense
Historically, there have been valid reasons for organizations to defend their networks using individual point products for each vector. But this approach is not well-suited for modern multi-vector attacks. Instead, organizations need a natively integrated approach — one that is:
Point products and on-premises hardware boxes cannot aid in implementing the principles above. Organizations today need wide-ranging threat defense across attack vectors and both inside and outside the network.
Cloudflare One consolidates threat defense and the on-ramps required to cover hybrid work. Cloudflare One defends against threats by natively integrating secure web gateway and cloud email security services — with remote browser isolation and data loss prevention. The platform goes beyond threat defense by integrating these services with Zero Trust Network Access (ZTNA) and cloud access security broker (CASB) — services that secure access.
This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.
Dive deeper into this topic.
Learn more about stopping multi-vector threats in the Reference Architecture for Internet-Native Transformation whitepaper.