by Keith McCammon

less than 1 minute read

Based on initial access data from dozens of cybersecurity industry reports over the past four years, here’s a visualization of the top five initial access techniques, and how they’ve trended over the years:

More on some of the source data and the top initial access techniques from 2022 can be here.

The data

Rankings by year, used to generate the visualization above.

2019

2020

2021

2022
T1190: Exploit Public-Facing Application

1

1

1

2
T1566: Phishing

2

2

2

1
T1133: External Remote Services

3

4

5
T1078: Valid Accounts

4

3

3

4
T1199: Trusted Relationship

5
T1195: Supply Chain Compromise

5

4
T1189: Drive-by Compromise

5

3

Categories:

Updated:

You May Also Enjoy

Improving CISA KEV data integrity

3 minute read

tl;dr - Sometimes CISA removes Known Exploited Vulnerabilities catalog records. It would be awesome if they marked them as withdrawn and/or superseded instead.

When your product becomes a feature

3 minute read

Having spent a few years using, maintaining, and building security products of every conceivable shape and size, it’s become apparent how uniquely risky it is to invest in building cloud[1] security products.