A report by Expel has revealed that 69% of identity-based incidents involved malicious logins from suspicious infrastructure, such as hosting providers or proxies that are not expected for a user or organization. This highlights the increasing threat of unauthorized access to sensitive information.
The report also found that identity-based incidents accounted for 64% of all incidents investigated by the Expel SOC, showing a significant increase of 144% from 2022 to 2023. The rise in these incidents is directly attributed to the availability of more phishing platforms on the dark market.
The increase in phishing platforms, known as “Phishing-as-a-service (PhaaS)”, allows buyers to deploy convincing credential harvesters for phishing campaigns. These harvesters can pre-fill the victim’s email address and load the appropriate branding and background for the target organization’s login page, so that they closely resemble the login page the victim expects.
Daniel Clayton, VP of Security Operations at Expel, emphasized the importance of human intuition and expertise in combating these threats. He highlighted that collaboration and information sharing among security operators are crucial to improving security operations and combating common adversaries.
The report also noted a 72% increase in cloud infrastructure incidents, with 2 in 5 incidents caused by exposed credentials allowing attackers to maintain access to the environment. The majority of these incidents occurred in Amazon Web Services (AWS), highlighting the importance of addressing cloud misconfigurations to prevent unauthorized access to environments.
Additionally, the report highlighted the rise of QR code phishing, with attackers turning to script-based files for pre-ransomware initial access. QR code phishing allows attackers to bypass traditional endpoint security measures by directing users to malicious domains using QR codes, moving the activity from the workstation to the user’s mobile device.
Dave Merkel, CEO at Expel, underscored the importance of sharing knowledge and experiences from analysts with the larger security community to collectively combat sophisticated cyber threats.
Overall, the report sheds light on the evolving tactics used by attackers to gain unauthorized access to sensitive information and the importance of proactive measures to address these threats. It serves as a valuable resource for security professionals in identifying and mitigating the risks associated with identity-based incidents and phishing attacks.