APT_CyberCriminal_Campagin_C VS VCDB

You can look at:

- A collection of public threat intel reports [0]. Lot's of reading though. I did some Splunking on it last year and at least 50% uses phishing for initial access. You could call that a structural vulnerability.

- Exploiting vulnerable public facing stuff is another initial access technique. Here someone collected all the CVEs used by ransomware crews:

- VERIS community database: collection of 8894 security incidents. If you look in the JSON there are some fields describing the vector and the actor.

[0] https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_C...

[1] https://twitter.com/uuallan/status/1437068825636265985

[2] https://github.com/vz-risk/VCDB

The DBIR is an interesting dataset in that it only covers breaches that have been covered by the media.

It does not include the vast majority of breaches that happen every year and are reported to federal and state regulatory bodies or as posted to cybercrime / ransomware sites.

One of the coolest things is that this process though flawed is transparent and semi-open to the public.

The dataset and the underlying process for which events are selected takes place in the open on GitHub.

Kudos to their commitment to open source.

https://github.com/vz-risk/VCDB

You can look at:

- A collection of public threat intel reports [0]. Lot's of reading though. I did some Splunking on it last year and at least 50% uses phishing for initial access. You could call that a structural vulnerability.

- Exploiting vulnerable public facing stuff is another initial access technique. Here someone collected all the CVEs used by ransomware crews:

- VERIS community database: collection of 8894 security incidents. If you look in the JSON there are some fields describing the vector and the actor.

[0] https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_C...

[1] https://twitter.com/uuallan/status/1437068825636265985

[2] https://github.com/vz-risk/VCDB