Cybersecurity company Red Canary recently released its sixth annual Threat Detection Report, an in-depth analysis of the threats and techniques that organizations should prioritize. According to the report, cloud account compromises and abuse of email forwarding rules rose sharply in 2023, with both threats quickly climbing into the top 10 rankings. The analysis is based on more than 216 petabytes of telemetry collected throughout 2023, which helped investigate nearly 60,000 threats and yields valuable insights.
The report finds that while the threat landscape is evolving, attacker motivations remain consistent, and their classic techniques are still commonly used, with some exceptions. Specifically, cloud accounts were the fourth most detected technique, up from 46th in the 2022 ranking. In 2023, detection volume rose 16-fold and affected three times as many customers as in the previous year. Detections of malicious email forwarding rules skyrocketed by nearly 600%, tied to attempts to compromise email accounts and redirect financial transactions to criminals.
Half of the top 10 threats use malvertising or SEO poisoning, which in some cases leads to the deployment of payloads that resemble ransomware precursors, and half of the top threats are ransomware precursors that, if left unaddressed, could lead to further ransomware infections. Humans remained the primary vulnerability exploited by adversaries in 2023: despite new software vulnerabilities, attacks such as accessing cloud service APIs, committing payroll fraud through email forwarding rules, and ransomware were frequent.
“The changes seen in the 2024 report are significant, as the top 10 threats and techniques change very little from year to year,” said Keith McCammon of Red Canary. “This is unprecedented for this data set. This also applies to email forwarding rules. The golden thread that connects these attack modes is identity. To access a cloud account or SaaS application, an attacker needs to compromise some form of identity or credentials, and a highly privileged one could give the attacker immense access to valuable accounts, highlighting the critical importance of protecting corporate identities and identity providers.”
While traditional techniques persist, interesting variations were also noted, such as attackers using Microsoft's new packaging format, MSIX, to build malicious installers. Container escapes and reflective code loading on macOS were also prevalent, allowing adversaries to bypass macOS security controls and execute malicious code on Apple endpoints. Additionally, the different pressures on each sector produced different threat patterns: healthcare saw a proliferation of Visual Basic and Unix shells, education saw an increase in email forwarding and hiding rules, manufacturing experienced replication via removable media such as USB drives, and financial services and insurance saw subtler shifts toward techniques such as HTML smuggling and the Distributed Component Object Model (DCOM).
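The email forwarding and hiding rules described above are visible to defenders in mailbox audit logs. The following is an added example, not code from the report or from Red Canary, that scores constructed inbox-rule events: it flags rules that forward or redirect mail to an external domain, and notes when such a rule also hides the matching messages or targets finance-themed subjects. The event field names (Operation, Parameters, ForwardTo, DeleteMessage and so on) are loosely modelled on Exchange Online inbox-rule audit records; treat that schema and the internal domain list as assumptions.

```python
import json

# Constructed sample events (not real telemetry). The shape is an assumption
# loosely based on Exchange Online New-InboxRule / Set-InboxRule audit records.
SAMPLE_EVENTS = json.loads("""[
 {"Operation": "New-InboxRule", "UserId": "alice@corp.example",
  "Parameters": [{"Name": "SubjectContainsWords", "Value": "invoice;wire transfer"},
                 {"Name": "ForwardTo", "Value": "finance.update@attacker.example"},
                 {"Name": "DeleteMessage", "Value": "True"}]},
 {"Operation": "New-InboxRule", "UserId": "bob@corp.example",
  "Parameters": [{"Name": "From", "Value": "noreply@corp.example"},
                 {"Name": "MoveToFolder", "Value": "Updates"}]},
 {"Operation": "Set-InboxRule", "UserId": "carol@corp.example",
  "Parameters": [{"Name": "RedirectTo", "Value": "carol.home@mail.example"},
                 {"Name": "MarkAsRead", "Value": "True"}]}
]""")

INTERNAL_DOMAINS = {"corp.example"}  # assumption: the organisation's own mail domains
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"}
HIDE_PARAMS = {"DeleteMessage", "MarkAsRead"}
FINANCE_WORDS = {"invoice", "payment", "wire", "payroll", "bank"}

def rule_params(event):
    """Flatten the Name/Value parameter list of one event into a dict."""
    return {p["Name"]: p["Value"] for p in event.get("Parameters", [])}

def is_external(address):
    """True when the address's domain is not one of the organisation's own."""
    return address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS

def assess_rule(event):
    """Return findings for one inbox-rule event; an empty list means not suspicious."""
    if event.get("Operation") not in ("New-InboxRule", "Set-InboxRule"):
        return []
    p = rule_params(event)
    findings = []
    external = [p[k] for k in sorted(FORWARD_PARAMS) if k in p and is_external(p[k])]
    if external:
        findings.append("forwards mail outside the organisation: " + ", ".join(external))
    hides = [k for k in sorted(HIDE_PARAMS) if p.get(k, "False").lower() == "true"]
    if hides:
        findings.append("hides the matching mail from its owner via " + ", ".join(hides))
    phrases = [w.strip().lower() for w in p.get("SubjectContainsWords", "").split(";")]
    hits = sorted(w for w in FINANCE_WORDS if any(w in ph for ph in phrases))
    if hits:
        findings.append("targets finance-themed subjects: " + ", ".join(hits))
    # Hiding and keyword conditions are common in legitimate rules, so they are
    # only reported when the rule also sends mail out of the organisation.
    return findings if external else []

def hunt(events):
    """Map each user who created a suspicious rule to the findings for it."""
    return {e["UserId"]: f for e in events if (f := assess_rule(e))}
```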
To strengthen cybersecurity, Red Canary recommends validating defenses against the key threats and techniques, patching vulnerabilities, and gaining an expert understanding of how cloud infrastructure is used within your organization.