
Blumira Releases 2022 State of Detection and Response Report, Revealing Identity-Based Attacks as Top Threat in 2022

May 2022 by Blumira

Blumira released the 2022 State of Detection and Response Report, a new research report that analyzed Blumira’s security detections across log datasets of 230 organizations. The report revealed identity-based attacks and living off the land behaviors as top threats organizations faced in 2021.

Blumira released this report against the backdrop of an increasingly challenging threat landscape, in which ransomware, software supply chain attacks, data breaches and more have become an almost daily occurrence. Attacker dwell time is also decreasing: ransomware attacks move quickly from initial compromise to infection and deployment.

“Organizations, especially small and medium-sized businesses, need help with faster detection and response to keep up with latest threats and protect against breaches,” said Jim Simpson, CEO of Blumira. “Expediting time to security for faster response is key to better overall security outcomes.” Blumira’s analysis found that its average time to detect a threat was 32 minutes, while its average time to respond, measured as how quickly an organization closed out a finding, was six hours. Compared to the industry average, Blumira’s time to detect and to respond is 99% faster.

Research Key Findings

Identity-based attacks surged - Access attempts were a common theme, as the pandemic forced many organizations to move to cloud services to support their remote employees. For organizations without a solid understanding of their exposed attack surface, moving to a cloud environment only highlighted that knowledge gap. Threat actors take advantage of those knowledge gaps by exploiting, misusing or stealing user identities.

Attempts to authenticate to a honeypot, a fake login page designed specifically to lure attackers, were Blumira’s #1 finding of 2021. Identity-driven techniques accounted for three of Blumira’s top five findings, or 60%. Cloud environments are particularly exposed to identity-based attacks such as credential stuffing, phishing and password spraying. Rapid detection of these attacks lets organizations respond to and contain an identity-based attack faster, helping stop it from progressing further.

Living off the land techniques are a common threat - The research also observed use of living off the land (LotL) techniques, in which threat actors leverage built-in tools so that their activity appears to come from legitimate users within an organization’s environment.

Among Blumira’s top findings were various instances of living off the land techniques, including service execution with lateral movement tools, PsExec use and potentially malicious PowerShell commands.

Taking place over days or weeks, these types of attacks can go undetected by endpoint detection and response (EDR) solutions that rely on recognizing known malicious tools. By the time such tooling is spotted it may be too late, for example once an attacker has already introduced malware into the environment.

Microsoft 365 Activity - Microsoft 365 is one of the most popular cloud productivity suites, and Blumira’s findings revealed patterns of Microsoft-related activity, including activity associated with password spraying, lateral movement and business email compromise.

SIEM Adoption in 2022

Investing in solutions that provide faster time to detect and respond, including faster initial deployment, can result in lower costs for organizations. In keeping with market needs, Blumira recently launched the industry’s only free, self-service cloud security information and event management (SIEM) for Microsoft 365, along with new paid editions that enable IT teams of all sizes to close security gaps and achieve rapid time to security.
