According to a recent analysis from ReliaQuest, the most often used attack technique last year was the exploitation of remote services like VPNs and RDP. The ReliaQuest Annual Cyber-Threat Report 2023 from the threat intelligence company is based on information from 35,000 incidents that were resolved for clients between February 2022 and February 2023.
Nearly 5000 cases of remote service exploitation were noted in the report, more than twice as many as the next most frequent method, active scanning. With the introduction of widespread home employment during the epidemic, the technique gained special popularity among threat actors. This is not surprising, the survey said, as exposed remote services like VPN, Citrix, TeamViewer, or RDP are among the most popular ways to enable initial access onto a targeted network or establish persistence.