Securonix and XDR today released its 2022 Threat Report, which highlights the trends, required data and detection summaries for key cyberthreats. A combination of persistent insider threats, cloud infrastructure misuse and abuse, and sophisticated advanced attacks has fostered a riskier environment, and the report revealed that new vulnerabilities are being identified at nearly double the pace of 2021.
The report found that threats have become more complex and sophisticated in evolving, perimeter-less environments. As corporate networks extend to the cloud in support of a distributed workforce, threat actors are taking advantage of the security gaps presented by this expanded attack surface. Securonix research revealed that indicators of compromise (IOCs) are up 380% year-over-year and that the number of threats detected, analyzed and reported has increased by 218% during that time.
“We’ve noticed a substantial increase in the number of threats since the beginning of the year and the four areas that have been persistently active over the past 12 months are insider threats, cloud infrastructure, ransomware attacks, and IoT / OT attacks,” said Kayzad Vanskuiwalla, Director, Cyber Threat Hunting and Intelligence at Securonix. “As attack methods continue to shift, it is imperative that security teams understand these techniques and implement a plan that builds a foundation to integrate with the required data sets across all these relevant focus areas. This allows organizations to leverage preemptive detection strategies, improve their mean time to respond and maintain a strong security posture.”
Increased cloud migration and investments in cloud collaboration tools have made critical data – including intellectual property – more accessible to users than ever before. According to the report, increased reliance on cloud infrastructure has led to insiders modernizing their approach to data exfiltration. Securonix research found that amid the growing use of cloud storage and sharing platforms, email (68%) and content management products (68%) are the top egress vectors. Leveraging cloud apps and business collaboration services rather than traditional channels like USB has broadened the attack surface and created more opportunities for corporate data theft.
As enterprises strive to establish a balance between the ease of cloud services and the necessary security controls, cloud infrastructure misuse and abuse continue to be high-risk areas. The report found that users remain the primary source of potential risk to cloud infrastructure, with challenges ranging from unintended platform modifications to inconsistently assigned privileges. Securonix Threat Labs also observed an increase in nation state actors misusing public cloud infrastructure services, evading defenses and setting up attack networks on major cloud platforms with relative ease.
Securonix research revealed that threat actors and nation state-sponsored attackers are taking advantage of a larger attack surface and that ransomware activity has increased this year. This has amplified the need for robust endpoint and network telemetry data to proactively investigate and detect threats. According to the report, collecting raw endpoint or network traffic analytics alone improves the detection of more than 70% of the techniques described by MITRE ATT&CK.
The adoption rate of IoT devices is rapidly increasing, and Securonix found that IoT and OT environments are a growing area of concern for enterprise organizations. IoT devices hold a considerable amount of user data, and the consequences of a security breach can be highly damaging because it affects both virtual and physical systems. The report notes that it is critical for security teams to understand the unique characteristics of IoT and OT that adversaries can exploit.
“The rise in global threats presents an increasingly challenging landscape for the enterprise and the public,” said Sina Chehreghani, Manager of Threat Hunting & Incident Response at Securonix. “The evidence in our research strongly indicates that organizations need to review anomalous user behavior and detection coverage to effectively respond to insider threats and the increasing risks presented by cloud infrastructure adoption. Furthermore, leveraging preemptive detection strategies can stop attackers earlier in the kill chain in ransomware attacks while combining the key data sources to look for unusual behavior provides more robust threat detection and response in IoT and OT environments.”