# Attack Vectors at a Glance

By [Michael J Graven](https://www.paloaltonetworks.com/blog/author/michael-j-graven/?ts=markdown "Posts by Michael J Graven"), Aug 07, 2024

# Executive Insights from the Unit 42 Incident Response Report

An attack vector is the method an attacker uses to get access to a target environment. Understanding which vectors result in the most successful attacks can help you reduce the likelihood an attacker succeeds at compromising your organization.

The [2024 Incident Response Report](https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report) details the most exploited attack vectors of the past year. It also spotlights the cybercriminal group known as *Muddled Libra* and analyzes its most successful attack patterns to determine how the most sophisticated attackers may attempt to breach your defenses.

When hardening defenses against cyberattacks, it's important to understand the interplay between the *who* and the *how*. While you need to identify the most likely threats to your organization, you also need to identify how threat actors exploit common attack vectors.

Preventing and responding to attacks requires *threat-informed defenses*. By examining threat actors and their behaviors, we're able to identify the most common attack vectors and recommend strategies for securing them. Here's what our experts have seen in this year's Incident Response Report to help your organization better resist attacks.

## Trending Attack Vectors

Cybercriminals will seek the path of least resistance when infiltrating your organization. While software vulnerabilities continue to provide attackers with alluring entry points, it's important to remember that sophisticated attacks often involve the exploitation of multiple attack vectors.

![PA graph showing brute force, phishing, compromised credentials, software vulnerabilities of 2020, 2021, 2022.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/08/PA_Graph-v4-1@4x.png)

### 1. Software Vulnerabilities

In most of the cases we examined, cybercriminals exploited internet-facing applications to gain an initial foothold. Software vulnerabilities have always been a weak spot for organizations for a few reasons:

* Software vulnerabilities often aren't discovered until they're already being exploited.
* Vendors may not release security updates for software quickly enough.
* Engineers have to test patches in a virtual environment to minimize impact to production, which takes time.

Organized groups, like Muddled Libra, have their own research and development teams. They uncover software vulnerabilities and build automated tools for discovering potential targets. Now that they've infused AI into their operations, they find software bugs, locate vulnerable targets, and exploit them on a much greater scale.

**Our Recommendation:** Proactive discovery and analysis of your assets, especially those exposed to the internet, is the first step. A tool like [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse) can help you proactively find and fix exposures on your internet-connected assets before attackers can exploit them.

You'll also want to incorporate threat intelligence into your security operations. Your team can subscribe to various threat intel feeds and keep up with [threat research](https://unit42.paloaltonetworks.com/) for the latest vulnerability disclosures. As always, routine testing and implementing patches as quickly as possible will reduce the likelihood that your software will provide an open door for attackers.

### 2. Stolen Credentials

Think of your cyber environment as a maze of locked doors. Your employees have the keys to unlock these doors. However, the burden of keeping up with those keys and who has them compounds as your company grows.

Attackers like Muddled Libra aren't going to pick your locks when they can steal keys from your employees instead. In the past year, they've successfully employed several tactics:

* **Social engineering** on help-desk employees to gain the credentials of specific users.
* **Stealing credentials** from individuals and purchasing compromised ones.
* **Using malware** to steal credentials saved in applications.
* **Buying** previously stolen **credentials** from access brokers.

**Our Recommendation:** Most importantly, you must implement technologies that can account for human error. Even the best employees have bad days, and your technology should support them when their senses fail.

Monitor the traffic on your network for uncommon behavior. Look for [detection and response](https://www.paloaltonetworks.com/cortex/cortex-xdr) tools that can answer questions about who, what, when and where attacker activity might be. They should identify anomalous behavior. Consider augmenting them with security [operations tools that integrate and automate](https://www.paloaltonetworks.com/cyberpedia/what-is-extended-security-intelligence-and-automation-management-xsiam) your SOC processes.

You should also train your team to detect and respond to social engineering attempts. We believe that, unlike members of many hacker groups, members of Muddled Libra speak English natively. This allows them to pass more believably as a member of your staff in a phishing attempt. Your employees should know what an attempted attack looks like, how to react, and who to contact if they think they've fallen victim.

Multifactor authentication (MFA) can reduce the risk of stolen credentials, but MFA solutions can also be compromised. Train your users not to approve MFA requests they didn't solicit and to report lost or stolen devices.

### 3. Third Parties and Misconfigurations

Third-party vulnerabilities and misconfigurations can contribute to a lack of visibility. Muddled Libra and other groups exploit these vectors to gain easy access and move laterally. In contrast to the locked-door analogy, these are doors left ajar.

Threats can come about when partner organizations grant too much trust and access to third-party vendors without oversight. Defending your organization is hard enough, but incorporating third-party vendors multiplies your attack surface.

Misconfigurations occur when tools and devices are deployed without documented standards and procedures.
They present even greater risk without ongoing monitoring and maintenance to ensure they remain secure. They then become invisible holes in your defenses for attackers to pivot through.

**Our Recommendation:** Adopt a [Zero Trust](https://www.paloaltonetworks.com/zero-trust) network access framework to mitigate the risk of anyone or anything accessing your organizational resources. Zero Trust isn't a tool. It's a philosophy and a full ecosystem of controls that implement best-practice security across your entire organization.

You should also regularly scan and analyze your organization for misconfigurations that might lead to compromise. While policies should dictate who can add what to the network and how it should be configured, you need technology-based methods to enforce them.

## The Bigger Picture

Attack vectors are just one consideration when securing your organization. In many cases, the *how* can be derived from the *who* -- who you are, how large your organization is, what industry you're in, and who your threat actors most likely are.

We study groups like Muddled Libra and their methodologies so we can better inform you about their activities. The tactics used by well-resourced threat groups represent the attacks that future commodity cybercriminal groups will leverage against people on an automated basis.

Our best advice: don't go at it alone. Security teams should never rely solely on their own security assessments. Talk to Unit 42 and find [a trusted](https://www.paloaltonetworks.com/blog/2024/06/forrester-wave-for-cybersecurity-incident-response/) [security partner](https://www.paloaltonetworks.com/unit42/about) who can identify your weaknesses and help you fix them.