Rapid7 Quarterly Threat Report: 2020 Q1

If calendars still hold any meaning for you, you may be dimly aware that it's now midway through the second quarter of 2020, which means we've just wrapped up our first-quarter analysis of the threat landscape out there on the internet. Or is it, "in here on the internet?" I'm having trouble deciding what preposition to use now. (But seriously, be safe, limit your contact, and we'll get through this without crashing our hospital capacity.)


You can download the latest Quarterly Threat Report here, but if you need just a smidge more convincing to dive into the data, here are the highlights:


Enterprise applications are under attack


This past quarter, we saw an uptick in our reported incidents that involved exploitation against known-vulnerable, internet-facing enterprise applications, including Microsoft Exchange Outlook Web Application (OWA), which continues to see laggy patch adoption rates. At first blush, this might sound like old news—attackers gonna attack, after all—but in past quarters, most of the breaches that required incident response were either credential-based (reused passwords) or started off with a malware-dropping phishing lure. This shift in tactics shows that even in a time of pandemic, attackers are both keeping up with vulnerability and exploitation R&D, and are more than willing to seek out the softest targets available.


The user is still the key


While this spike in vuln-based exploitation is apparent in our breach statistics, the overall number of security incidents (most of which do not lead to a breach) is still squarely focused on the user. In total, 96% (or just over 19 out of 20) of our Managed Detection and ..
