CyberSOC Threat Statistics

Attack Surface Exposure Categories - Year 2024 (January - October)

Exposure Category Definitions

This exposure category highlights IT assets or services that lack proper configuration according to the latest industry standards and security best practices, increasing their vulnerability to current cyber threats. Assets in this category may be in a default configuration state, lacking essential security hardening, which makes them especially vulnerable to exploitation by threat actors.

This exposure category identifies vulnerabilities arising from outdated components and configurations within your IT assets or services. These weaknesses, including unpatched software, deprecated protocols, and unsupported versions, expand the attack surface and create entry points for threat actors.

This exposure category identifies vulnerabilities and security risks within third-party infrastructure connected to your organization’s IT assets or services. These risks, whether through direct exploitation or indirect association, can affect operational continuity, data security, and overall business reputation.

This exposure category identifies the unauthorized disclosure of user account credentials, such as email addresses and passwords, observed across dark web forums, threat actor channels, public sites and other sources. Exposed credentials pose a high risk for cyber threats, including credential stuffing, account takeover (ATO), business email compromise (BEC), and phishing attacks.

This exposure category identifies phishing campaigns targeting your brand, with threats directed at IT service users or customers through advanced tactics such as domain spoofing, fake sites, and lookalike domains designed to deceive users into revealing their login credentials. 

This exposure category encompasses several types of hosts associated with Distributed Denial-of-Service (DDoS) activities. DDoS Bots are hosts likely compromised by malware and controlled by threat actors to participate in attacks, while DDoS Reflectors are hosts running vulnerable UDP-based services that can be abused to reflect and amplify attack traffic toward third-party targets, consuming bandwidth or impacting uplink availability. DDoS Vulnerability refers to misconfigured services that, while not affecting confidentiality or integrity, can degrade availability through excessive bandwidth consumption. Lastly, DDoS Targets are hosts that are themselves subjected to DDoS traffic, disrupting their operations and affecting service continuity.

This category indicates breaches involving IT assets or services that expose Personally Identifiable Information (PII) of your IT users or consumers, such as names, addresses, contact details, social security numbers, and financial information.

This exposure category captures data related to the reputational standing of your organization’s IPs, domains, or websites, flagged as malicious or blacklisted by various cyber intelligence communities. It also includes identification of leech or pirate websites mimicking your organization, which can directly impact brand integrity and damage your business reputation.

The observations in this exposure category indicate unauthorized use of your brand, such as brand abuse, trademark infringement, and impersonation on various platforms, including social media and mobile app stores, as well as executive impersonation activities.

The observations in this exposure category are related to unauthorized entities gaining access to your organization’s IT systems. Specifically, these observations indicate that one of your assets is compromised and engaging in network malicious activity, such as communicating with sinkholes, command-and-control (C&C) servers, or participating in botnet activity. Other forms of malicious behavior include network intrusions, malware distribution, and attacking other systems within your network or acting as a source of spam and phishing. This compromise can occur through various attack vectors, including malware, phishing, or exploiting unpatched services. Once a system is compromised, threat actors can exfiltrate sensitive information, deploy ransomware, or use the compromised system as a launchpad for further attacks. In the event of a compromise, an emergency incident response and a thorough security breach/compromise assessment are necessary to contain and mitigate the active threats.

This exposure category encompasses findings related to unmanaged or unauthorized IT assets, including outdated, unused, or non-production systems, as well as services unintentionally exposed to public access. These shadow assets bypass standard IT governance and are often overlooked in security monitoring, making them prime targets for threat actors seeking to evade established security controls.

This exposure category addresses customized data feed needs that are tailored to the specific branding and security requirements of certain customers.

This exposure category focuses on domains that threat actors have announced as targets, capturing cybercriminal activity and threats reported by malicious actors on underground forums, ransomware groups, and platforms like Telegram. It encompasses dark web activity, planned hacking activities, impending attacks, and other malicious intentions directed toward your organization’s assets.

Threat Categories - Year 2024

Top Threats - Year 2024

Top 10 Threat Sources By Country

MITRE ATT&CK Analysis - Year 2024
