DirectDefense, Inc., an information security services company,
today released its “2023 Security Operations Threat Report” which
identifies the top threats from 2023 and what’s already trending
for 2024. Using its proprietary ThreatAdvisor platform,
DirectDefense gathered and analyzed intelligence from nearly 2
million hours of alert investigation across its client base.
Cyber attackers are using increasingly sophisticated techniques
to breach organizations’ defenses. As new threats and tactics are
used, it's becoming more challenging for organizations to keep up
with the latest threats and implement effective defenses.
DirectDefense’s ThreatAdvisor SOAR platform enabled its team to
help clients launch key security initiatives and significantly
improve their preparedness and overall security posture.
Primary threats from 2023
In 2023, DirectDefense helped its clients identify, respond to
and remediate the following five primary threats:
Multi-factor authentication (MFA) abuse: Abusing and bypassing MFA became so prominent in 2023 that DirectDefense created custom alerts to catch more attacks. There has been a surge in identity-based attacks where attackers are being more interactive and using generative AI to be more targeted.
Social engineering: Social engineering attacks have become more impactful with AI. Attackers are using AI to localize their attacks and appear more familiar, so misspellings or language differences are no longer key ways to identify a social engineering attack. The combination of AI and the willingness of attackers to spend more money to commit a cybercrime makes these attacks more automated.
Single sign-on (SSO) attacks: SSO gives attackers a single entry point for multiple environments. They can steal the sign-on information once and use it many times, so organizations should be aware of the vulnerabilities that exist when multiple environments can be accessed with the same login information.
Multi-cloud attacks: As people continue to push toward the cloud, there is a growing concern about the gaps in visibility that exist in cloud environments. In 2023, DirectDefense used newer technologies to see attacks taking place in real time in multiple clouds, respond, and remediate using additional security solutions.
Living off the Land (LotL) abuse: Once threat actors are on a computer, they are able to use admin tools and permissions to move around freely. Attackers are using the same tools organizations use to protect their network to stay inside the environment.
Emerging threats for 2024
In looking at 2024, the DirectDefense team identified the five
emerging threats that top the list for security concerns:
SIM Swapping: SIM swapping side-steps MFA measures by taking over phone accounts for key personnel and porting those phone numbers over to the attacker’s own SIM card on another device. Now, the attacker controls the victim’s phone and can receive SMS-based codes for MFA and gain access to corporate networks and services.
Use of Generative AI: AI has made it harder than ever for organizations to protect against social engineering attacks, even with security awareness. Threat actors are becoming a lot savvier about localizing attacks to fit the target region, and generative AI is making that tactic far more effective. Beyond localization, which includes using the right accents and terminology to appear safe and familiar, AI also allows attackers to go so far as to impersonate identities and craft believable emails.
Compromising Corporate AI Tools: In addition to using AI as an attack vector, threat actors are also using an organization’s own AI platform to gain network access. Organizations will have to implement policies and procedures for safely implementing and using AI tools to account for the vulnerabilities that exist.
Going Around Endpoints: Attackers are simply avoiding endpoints altogether and going right into an organization’s network to attack on-premise cloud environments. Endpoint avoidance works because there is little to no oversight for cloud product development, and if an organization also has poor network segmentation, there are few if any barriers keeping an attacker from moving easily throughout a cloud-networked environment.
Infiltrating Incident Response Communications: Attackers are increasingly adding insult to injury by taking over incident response communication activities following their attack to make it harder for organizations to facilitate disaster recovery activities. If the attacker infiltrates an organization’s communication systems, it drastically undermines disaster recovery and incident response procedures, delaying the organization’s ability to notify the right people, get systems back online, recover data, and get back to business as usual.
ThreatAdvisor, a single-platform SOAR solution for continuous
security monitoring and management, is a critical piece of
DirectDefense’s managed services offerings as it provides complete
network visibility in a centralized location. It helped
DirectDefense achieve an average time to respond to triaged
critical security events of 8 minutes. Over 90% of standard managed
detection and response (MDR) events were triaged by DirectDefense
without engaging the client’s security team. Nearly one-third of
events were promoted and triaged in collaboration with client
security teams and 80% of those were custom alerts that go beyond
standard MDR monitoring.
“Cybercrime is big business and it’s driving up the volume and
sophistication of cyberattacks, making it impossible for
organizations to stay on top of every threat,” said Jim Broome,
President and Chief Technology Officer for DirectDefense. “Getting
additional support from an MSSP can be invaluable to an
organization’s security program by helping to ensure attackers
can’t breach your network in the first place. Because once they’re
in, they can do a significant amount of damage and cost your
company millions.”
The full report can be found at: https://go.directdefense.com/2023-Security-Operations-Threat-Report
Follow DirectDefense on LinkedIn: https://www.linkedin.com/company/directdefense/
X (formerly Twitter): https://twitter.com/Direct_Defense
Blog: https://www.directdefense.com/resources/blog/
About DirectDefense, Inc.
DirectDefense provides enterprise risk assessments, penetration
testing, ICS/SCADA security services, and 24/7 managed security
services for companies of all sizes. Focused on building security
resiliency, the firm offers comprehensive security testing services
with specialization in application security, vulnerability
assessments, penetration testing, and compliance assurance testing.
Its team of highly talented consultants has worked with the
majority of the Fortune 100 companies, in industries such as power
and utility, gaming, retail, financial, media, travel, aerospace,
healthcare, and technology. More information can be found at
www.directdefense.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240424127698/en/
Cathy Summers, Summers PR, cathy@summers-pr.com, 415-483-0480