{"id":3134,"date":"2022-01-31T15:21:57","date_gmt":"2022-01-31T15:21:57","guid":{"rendered":"https:\/\/itegriti.com\/kw022024\/?p=3134"},"modified":"2022-09-14T10:14:13","modified_gmt":"2022-09-14T10:14:13","slug":"threat-actors-often-choose-the-path-of-least-resistance","status":"publish","type":"post","link":"https:\/\/itegriti.com\/kw022024\/2022\/cybersecurity\/threat-actors-often-choose-the-path-of-least-resistance\/","title":{"rendered":"Threat Actors Often Choose the Path of Least Resistance"},"content":{"rendered":"

Every threat actor around the world shares one thing in common: they\u2019re people. As such, they often look at their \u201cjob\u201d from the effort\/reward perspective. They ask themselves, \u201cHow can we get the greatest reward for the least amount of effort?\u201d The answer is to go after low-hanging fruit, weaknesses which organizations might neglect in the absence of a robust security posture.<\/p>\n

Let\u2019s examine some examples below.<\/p>\n

 <\/p>\n

Commonly Exploited Vulnerabilities Are Older than You Think<\/h2>\n

Digital attackers understand that organizations don\u2019t always have the means to patch vulnerabilities affecting their systems on a timely basis. This explains why older vulnerabilities remain so popular among malicious actors. In July 2021, for instance, the FBI along with the Cybersecurity & Infrastructure Security Agency (CISA) published a joint advisory<\/a> with their national UK and Australian counterparts identifying 30 of the most common vulnerabilities exploited in the wild. The discovery dates for the list\u2019s top four flaws ranged from 2018 to 2020.<\/p>\n

Sometimes, digital attackers focus on misusing vulnerabilities even older than that. A 2021 survey noted that CVE-2017-11882<\/a>, a memory corruption vulnerability in Microsoft Office, accounted for nearly 75% of exploits in Q4 2020, reported HealthITSecurity<\/a>. Similarly, an analysis of some of the vulnerabilities most frequently used by ransomware attackers revealed that organizations hadn\u2019t applied some security updates for almost a decade. One of the top five vulnerabilities was CVE-2012-1723<\/a>, a vulnerability affecting the Java Runtime Environment (JRE) component in Oracle Java SE 7 which first emerged in 2012. ZDNet<\/a> shared that\u00a0CVE-2013-0431<\/a>, a bug in JRE, and CVE-2013-1493<\/a>, a flaw in Oracle Java, also made the list.<\/p>\n

 <\/p>\n

Other Low-Hanging Fruit Targeted by Attackers<\/h2>\n

Vulnerabilities might be one of the most common low-hanging fruit leveraged by attackers to target organizations without robust security postures. But it\u2019s not the only weakness of its kind. Provided below are several others.<\/p>\n