The threat landscape is in a constant state of evolution, with enterprise players hard-pressed to keep up with a frequent barrage of vulnerability disclosures, security updates, and the occasional zero-day.

Analysts estimate that by 2021, 3.5 million[1] cybersecurity roles will be unfilled, and so not only do existing security professionals need to deal with a seemingly endless fight against cyberattackers, they may also have to do so while short-staffed -- not to mention the disruption caused by COVID-19.

There are tools out there to help with the strain: automatic scanners, artificial intelligence (AI) and machine learning (ML)-based algorithms and software that can manage endpoint security and risk assessments, feeds providing real-time threat data, and more.

Frameworks also exist, such as MITRE ATT&CK[3], which provides a free knowledge base compiling tactics and techniques observed in current, real-world attacks.

It is this data repository that Cisco has examined in a new report[4] describing current attack trends against enterprise endpoints and networks. 

On Monday, Cisco published a data set based on MITRE ATT&CK classifications combined with Indicators of Compromise (IoCs) experienced by organizations that receive alerts through the company's security solutions within specific time frames. 

According to the company, over the first half of 2020, fileless threats were the most common attack vector used against the enterprise. Fileless attacks include process injections, registry tampering, and threats such as Kovter[5], a fileless Trojan; Poweliks[6], a code injector that operates on the back of legitimate processes; and Divergent[7], fileless Node.js malware. 

In second place are dual-use tools including Metasploit, PowerShell, Cobalt Strike, and PowerSploit. Legitimate penetration testing tools

Read more from our friends at ZDNet