Initial Access
Phishing
Just two resources (I am not even trying to provide a link to relevant incidents; I would not know where to start):
- Internet Crime Complaint Center (IC3) - FBI. Have a look at the annual reports: which is the most prevalent crime type by victim count?
- "phishing" search on Computers and Security. This is a prestigious scientific journal. The list of papers published in the last year is enough to show that there is still a lot of ongoing research on this seemingly irrelevant topic. Full text is available only from the internal UniTS network.
Case Studies
The MITRE ATT&CK website contains a number of real cases in which each technique has been used. The cases listed here are a few further examples, particularly interesting because they illustrate all the intrusion steps that followed Initial Access.
- Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization
- The silent heist: cybercriminals use information stealer malware to compromise corporate networks. Infostealer malware. Nice publication by the Australian Cyber Security Centre.
Appendix: Secure email (SPF, DKIM, DMARC)
- Tackling Email Spoofing and Phishing. High-level description, by Cloudflare.
- Trustworthy Email. Technical guide by NIST. In-depth explanation.