Most ransomware attacks against companies in the critical-infrastructure sectors of oil, energy and utilities succeeded through exploiting software vulnerabilities, which accounted for 49% of successful attacks versus 35% the previous year, according to Sophos’s report. Compromised credentials (27%) and malicious emails (14%) rounded out the top-3 vectors.
This is why companies need to demand CISA “Secure By Design” products, to avoid these type of software vulnerability attacks.