|
|
|
|
|
|
by mschuster91
1149 days ago
|
|
|
> A majority of attacks don't use CVEs. Depends what your definition of "attacks" is, to be precise: is an event where an adversary places a malicious ad with code exploiting a browser 0day counted as one attack or as X attacks with X being the number of infected machines? Additionally, the same segmentation (with the same split) applies if you only count large-scale hacks against organizations as attacks, or if you're counting infected machines of everyday common people as attacks as well. Basically, if you're counting attacks on organizations, you're correct as the majority entrypoint there is social engineering and outdated exploitable software/appliances reachable from the public internet or a compromised partner connected to the victim's network. |
|
|