Ransomware, software supply chain attacks, data breaches, and more have become an almost daily occurrence in an increasingly challenging threat landscape.
Automated threat detection company Blumira has released a new report based on its security detections which reveals that identity-based attacks and living off the land behaviors were the top threats organizations faced in 2021.
“Organizations, especially small and medium-sized businesses, need help with faster detection and response to keep up with latest threats and protect against breaches,” says Jim Simpson, CEO of Blumira. “Expediting time to security for faster response is key to better overall security outcomes.”
Access attempts proved to be a common theme, as the pandemic forced many organizations to move to cloud services to support their remote employees. For organizations without a solid understanding of their exposed attack surface, moving to a cloud environment only highlighted that knowledge gap. Attempts to authenticate into a honeypot, or a fake login page designed especially to lure attackers, saw identity-driven techniques account for 60 percent of Blumira’s findings.
The research also observed usage of living off the land (LotL) techniques, which threat actors use to stealthily remain undetected in an environment. These work by leveraging built-in Microsoft tools that make it appear as though they are legitimate users within an organization’s environment. Top methods include Service Execution with Lateral Movement Tools at #4, PsExec use (#16), and potentially malicious PowerShell commands (#18).
You can get the full 2022 State of Detection and Response Report from the Blumira site.