
Suspicious infrastructure fuels identity-based incidents with malicious logins


A report by Expel has revealed that 69% of identity-based incidents involved malicious logins from suspicious infrastructure, such as hosting providers or proxies that are not expected for a user or organization. This highlights the increasing threat of unauthorized access to sensitive information.
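The finding above implies a concrete detection: compare the network each successful login arrives from against what is expected for the account, and treat hosting-provider and proxy address space as a strong signal. The script below is an added example, not code from the Expel report or this article. It assumes a JSON-lines sign-in log with `user`, `ip`, `asn` and `result` fields; the ASN-to-category table, the per-user baselines and the log lines are all constructed sample data, and the ASNs are hypothetical.

```python
"""Flag successful logins from infrastructure that is unexpected for the user.

Added example. The ASN categories, baselines and log records below are
constructed for illustration; a real deployment would take the categories
from an IP-intelligence feed and the baselines from historical IdP logs.
"""
import json
from typing import Dict, List, Optional, Set

# Hypothetical ASN-to-category table (not real ASN assignments).
ASN_CATEGORY: Dict[int, str] = {
    64500: "residential_isp",
    64501: "hosting",    # VPS / cloud provider address space
    64502: "proxy",      # commercial VPN or anonymizing proxy
    64503: "corporate",  # the organization's own egress
}
SUSPICIOUS_CATEGORIES = {"hosting", "proxy"}

# Constructed per-user baseline: ASNs each account has authenticated from before.
USER_BASELINE: Dict[str, Set[int]] = {
    "alice@example.com": {64500, 64503},
    "bob@example.com": {64503},
}

# Constructed sign-in log (JSON lines); addresses are from documentation ranges.
SAMPLE_LOG = """\
{"ts":"2024-03-01T08:02:11Z","user":"alice@example.com","ip":"203.0.113.10","asn":64503,"result":"success"}
{"ts":"2024-03-01T09:15:42Z","user":"alice@example.com","ip":"198.51.100.7","asn":64501,"result":"success"}
{"ts":"2024-03-01T09:16:05Z","user":"bob@example.com","ip":"198.51.100.200","asn":64502,"result":"failure"}
{"ts":"2024-03-01T09:17:30Z","user":"bob@example.com","ip":"198.51.100.200","asn":64502,"result":"success"}
{"ts":"2024-03-01T10:40:00Z","user":"carol@example.com","ip":"192.0.2.44","asn":64500,"result":"success"}
"""


def parse_log(text: str) -> List[dict]:
    """Parse JSON-lines sign-in records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def assess_login(event: dict, baseline: Dict[str, Set[int]]) -> Optional[dict]:
    """Return a finding for a successful login from unexpected infrastructure.

    Only successful logins are assessed here, since the report's figure concerns
    access actually gained. Returns None when nothing is unusual.
    """
    if event.get("result") != "success":
        return None
    asn = int(event["asn"])
    category = ASN_CATEGORY.get(asn, "unknown")
    reasons = []
    if category in SUSPICIOUS_CATEGORIES:
        reasons.append(f"source ASN {asn} is classified as {category}")
    if asn not in baseline.get(event["user"], set()):
        reasons.append(f"ASN {asn} not previously seen for {event['user']}")
    if not reasons:
        return None
    # Hosting/proxy origin outranks a merely new-but-residential network.
    severity = "high" if category in SUSPICIOUS_CATEGORIES else "medium"
    return {
        "ts": event["ts"],
        "user": event["user"],
        "ip": event["ip"],
        "severity": severity,
        "reasons": reasons,
    }


def triage(log_text: str, baseline: Dict[str, Set[int]]) -> List[dict]:
    """Run assess_login over every record and collect the findings in log order."""
    findings = []
    for event in parse_log(log_text):
        finding = assess_login(event, baseline)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, USER_BASELINE):
        print(f"[{f['severity']}] {f['ts']} {f['user']} from {f['ip']}: "
              + "; ".join(f["reasons"]))
```

Run as-is, the script flags three of the five records: Alice's corporate login passes, her login from hosting space and Bob's from a proxy are rated high, and Carol's residential login is rated medium only because she has no baseline yet. In practice the ASN categories should come from a maintained IP-intelligence source, and accounts that legitimately use a corporate VPN need that provider's ASN added to their baseline so the rule does not page on routine traffic.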

The report also found that identity-based incidents accounted for 64% of all incidents investigated by the Expel SOC, showing a significant increase of 144% from 2022 to 2023. The rise in these incidents is directly attributed to the availability of more phishing platforms on the dark market.

The increase in phishing platforms, known as “Phishing-as-a-service (PhaaS)”, allows buyers to deploy convincing credential harvesters for phishing campaigns. These harvesters can pre-fill the victim’s email address and load the appropriate branding and background for the target organization’s login page, making them appear convincingly like the expected login page.

Daniel Clayton, VP of Security Operations at Expel, emphasized the importance of human intuition and expertise in combating these threats. He highlighted that the collaboration and information sharing among security operators are crucial in improving security operations and combating common adversaries.

The report also noted a 72% increase in cloud infrastructure incidents, with 2 in 5 incidents caused by exposed credentials allowing attackers to maintain access to the environment. The majority of these incidents occurred in Amazon Web Services (AWS), highlighting the importance of addressing cloud misconfigurations to prevent unauthorized access to environments.

Additionally, the report highlighted the rise of QR code phishing, alongside attackers turning to script-based files for pre-ransomware initial access. QR code phishing lets attackers bypass traditional endpoint security measures by directing users to malicious domains through a QR code, moving the activity from the workstation to the user’s mobile device.

Dave Merkel, CEO at Expel, underscored the importance of sharing knowledge and experiences from analysts with the larger security community to collectively combat sophisticated cyber threats.

Overall, the report sheds light on the evolving tactics used by attackers to gain unauthorized access to sensitive information and the importance of proactive measures to address these threats. It serves as a valuable resource for security professionals in identifying and mitigating the risks associated with identity-based incidents and phishing attacks.
