Red Canary Report Highlights Need For Channel To Defend Customers Against ‘Unprecedented’ Spike In Cloud Account Compromises

Red Canary recently unveiled its sixth annual Threat Detection Report, examining the trends, threats, and adversary techniques impacting organizations – a useful guide for channel partners supporting customers with their security strategies in the year ahead. The report tracks MITRE ATT&CK® techniques that adversaries abuse most frequently throughout the year, with two new and notable entries soaring to the top 10 in 2023: Email Forwarding Rule and Cloud Accounts.

Red Canary’s latest report provides in-depth analysis of nearly 60,000 threats detected from more than 216 petabytes of telemetry collected from customers’ endpoints, networks, cloud infrastructure, identities, and SaaS applications in 2023. The research shows that while the threat landscape continues to shift and evolve, attackers’ motivations do not. The classic tools and techniques adversaries deploy remain consistent, with some notable exceptions.

Key findings include:

  • Cloud Accounts was the fourth most prevalent MITRE ATT&CK technique Red Canary detected in 2023, rising from 46th in 2022, increasing 16x in detection volume and affecting three times as many customers in 2023 as in 2022.
  • Detections for malicious email forwarding rules rose by nearly 600 percent, as adversaries compromised email accounts, redirected sensitive communications to archive folders and other places users are unlikely to look, and attempted to modify payroll or wire transfer destinations, rerouting money into the criminal’s account.
  • Half of the threats in the top 10 leveraged malvertising and/or SEO poisoning, occasionally leading to more serious payloads like ransomware precursors.
  • Half of the top threats are ransomware precursors that could lead to a ransomware infection if left unchecked, with ransomware continuing to have a major impact on businesses.
  • Despite a wave of new software vulnerabilities, humans remained the primary vulnerability that adversaries took advantage of in 2023, compromising identities to access cloud service APIs, execute payroll fraud with email forwarding rules, launch ransomware attacks, and more.
  • Adversaries use the same 10-20 ATT&CK techniques against organizations, regardless of the victim’s sector or industry – yet notable exceptions occur where attackers target certain systems and workflows that are common in specific industries.
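The malicious email forwarding rule pattern above (rules that forward mail outside the organization, or that quietly move finance-related messages into folders users rarely open) is something a partner can hunt for in mailbox audit logs. The following is an added example, not code from the report or from Red Canary: it triages constructed mailbox-rule audit events. The cmdlet names New-InboxRule, Set-InboxRule and Set-Mailbox are real Exchange names, but the event shape and field values here are assumptions, not a real log format.

```python
"""Triage inbox-rule events for the hide-or-forward pattern seen in payroll fraud."""
from dataclasses import dataclass

# Folders users rarely inspect; routing mail here hides it (names are assumptions)
LOW_VISIBILITY_FOLDERS = {"archive", "rss subscriptions", "rss feeds",
                          "conversation history", "junk email", "deleted items"}
FINANCE_KEYWORDS = {"payroll", "invoice", "wire", "bank", "direct deposit", "ach"}


@dataclass
class RuleEvent:
    user: str        # mailbox owner
    operation: str   # Exchange cmdlet recorded in the audit log
    params: dict     # rule parameters as logged (constructed shape)


def _external(addrs, org_domain):
    return [a for a in addrs if not a.lower().endswith("@" + org_domain)]


def assess_rule(ev, org_domain):
    """Return the reasons an event is suspicious; an empty list means benign."""
    p, reasons = ev.params, []
    if ev.operation == "Set-Mailbox":          # mailbox-level forwarding
        targets = [p["ForwardingSmtpAddress"]] if p.get("ForwardingSmtpAddress") else []
    elif ev.operation in ("New-InboxRule", "Set-InboxRule"):
        targets = list(p.get("ForwardTo", [])) + list(p.get("RedirectTo", [])) \
            + list(p.get("ForwardAsAttachmentTo", []))
    else:
        return reasons
    ext = _external(targets, org_domain)
    if ext:
        reasons.append(f"forwards to external address {ext}")
    folder = p.get("MoveToFolder", "")
    if folder.lower() in LOW_VISIBILITY_FOLDERS:
        reasons.append(f"moves mail to low-visibility folder '{folder}'")
    if p.get("DeleteMessage"):
        reasons.append("deletes matching messages")
    words = {w.lower() for w in p.get("SubjectContainsWords", []) + p.get("BodyContainsWords", [])}
    hits = words & FINANCE_KEYWORDS
    if hits and reasons:   # a finance filter matters only when combined with hiding/forwarding
        reasons.append(f"targets finance mail {sorted(hits)}")
    return reasons


def triage(events, org_domain):
    """Map each user with at least one suspicious rule to the reasons found."""
    out = {}
    for ev in events:
        reasons = assess_rule(ev, org_domain)
        if reasons:
            out[ev.user] = reasons
    return out


SAMPLE = [  # constructed events, not real telemetry
    RuleEvent("alice@example.com", "New-InboxRule",
              {"SubjectContainsWords": ["payroll", "wire"], "MoveToFolder": "RSS Subscriptions"}),
    RuleEvent("bob@example.com", "New-InboxRule",
              {"ForwardTo": ["bob.personal@mail.example.net"], "SubjectContainsWords": ["invoice"]}),
    RuleEvent("carol@example.com", "New-InboxRule",
              {"MoveToFolder": "Projects", "SubjectContainsWords": ["standup"]}),
    RuleEvent("dave@example.com", "Set-Mailbox", {"ForwardingSmtpAddress": "x@mail.example.net"}),
]

if __name__ == "__main__":
    for user, reasons in triage(SAMPLE, "example.com").items():
        print(user, "->", "; ".join(reasons))
```

Alice's and Bob's rules are flagged because a finance keyword filter is paired with hiding or external forwarding; Carol's ordinary project rule is not.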

Red Canary noted several broader trends impacting the threat landscape that cybersecurity solution providers, managed security service providers (MSSPs), and incident response partners will need to help customers navigate and respond to. These include the emergence of generative AI, the continued prominence of remote monitoring and management (RMM) tool abuse, the prevalence of web-based payload delivery like SEO poisoning and malvertising, the increasing use of multi-factor authentication (MFA) evasion techniques and the dominance of brazen but highly effective social engineering schemes such as help desk phishing. These trends should be of particular concern for channel partners that deliver or rely on these solutions to support their customers.

Recommended actions:

  • Validate customers’ defenses. Look at the top threats and techniques and ask: ‘am I confident in my ability to defend my customers against each of these?’ Red Canary’s open source test library Atomic Red Team is free and easy to adopt.
  • Patching vulnerabilities is key. It remains tried and true as one of the best ways to insulate customers from risk.
  • Become a cloud expert. Ensure your customers’ permissions and configurations are properly set up, and that they have clear visibility into how everyone in their organization is using cloud infrastructure. The difference between suspicious and legitimate activity is nuanced in the cloud and requires a deep understanding of what is normal in each customer’s environment.
  • Apply to be a Red Canary Partner. Whether you provide technology products, security solutions, or cyber insurance and risk services, the Red Canary Partner Connect program ensures that you can help customers to navigate the threats they face and grow profitably.

About the Threat Detection Report

The full report is intended as a reference library for security practitioners to improve their ability to prevent, mitigate, detect, and emulate cyber threats. It offers detailed guidance on data sources that log relevant evidence of adversary behaviors, tools that collect from those data sources, how security teams can use this visibility to develop detection coverage, and other actionable information.

The Threat Detection Report sets itself apart from other annual reports by offering unique data and insights, accompanied by recommended actions derived from a combination of expansive visibility and expert, human-led investigation and confirmation of threats.

None of the nearly 60,000 threats Red Canary detected in 2023 was prevented by the customers’ other security controls. They are the product of the breadth and depth of visibility that Red Canary leverages to detect threats that would otherwise go undetected.
