A summary of threat trends across a cybersecurity firm’s user base has shown an increase of over 200%.
In a threat report based on its internal security teams’ cyber incident investigations over the last 12 months, together with “telemetry from select anonymized data”, a cybersecurity firm has announced that “new vulnerabilities are being identified at nearly double the pace of 2021.”
A combination of persistent insider threats; cloud infrastructure misuse and abuse; and sophisticated advanced attacks has fostered a riskier environment, according to the report, referring to the fact that the firm’s threat awareness notifications to subscribers had increased by 482% in volume.
Threats have become more complex and sophisticated in evolving, perimeter-less environments, and threat actors are taking advantage of the security gaps presented by the expanded attack surface of a distributed global workforce. The number of threats detected, analyzed and reported has increased by 218%, while indicators of compromise were up 380% among the subscription user base.
The report cited that increased cloud migration and investment in cloud collaboration tools had made critical data — including intellectual property — more accessible to people during the period of study. Also, 68% of the growing use of cloud storage and sharing platforms involved email and content management products, which formed the top egress vectors.
Cloud infrastructure misuse and abuse continued to be high-risk areas in the data reviewed: humans remained the primary cause of potential risk to cloud infrastructure, with challenges ranging from unintended platform modifications to inconsistent assigned privileges. Further, an increase in state-sponsored actors misusing public cloud infrastructure services, evading defenses and setting up attack networks on major cloud platforms with relative ease was notable.
These advanced persistent state-sponsored threat actors had been taking advantage of a larger attack surface, and ransomware attacks increased in the period of study. Also, detection of 70% or more of the techniques described by MITRE ATT&CK was improved by collecting raw endpoint or network traffic analytics alone.
Finally, the adoption rate of IoT devices was rapidly increasing among the user base, and IoT and Operational Technology (OT) environments were a growing area of concern for enterprise organizations surveyed. The report notes it is critical for security teams to understand the unique characteristics of IoT and OT that can be vulnerable and exploited by adversaries.
According to Kayzad Vanskuiwalla, Director of Cyber Threat Hunting and Intelligence, Securonix, which produced the 2022 threat report: “As attack methods continue to shift, it is imperative that security teams understand these techniques and implement a plan that builds a foundation to integrate with the required data sets across all these relevant focus areas. This allows organizations to leverage preemptive detection strategies, improve their mean time to respond and maintain a strong security posture.”
The firm asserts that organizations need to review anomalous user behavior and detection coverage to effectively respond to insider threats and the increasing risks presented by cloud infrastructure adoption. Furthermore, leveraging preemptive detection strategies can stop attackers earlier in the kill chain in ransomware attacks, while “combining the key data sources to look for unusual behavior provides more robust threat detection and response in IoT and OT environments.”