A recent report from cybersecurity firm Red Canary sheds light on the increasing prevalence of cloud account compromises and email forwarding rule abuse, highlighting concerning trends that organizations need to address.
Red Canary’s sixth annual Threat Detection Report delves into the evolving landscape of cyber threats, focusing on trends, adversary techniques, and areas of concern for organizations in the foreseeable future.
Key Findings:
- Cloud Accounts: The report identifies a significant uptick in cloud account compromises, which ranked as the fourth most prevalent MITRE ATT&CK technique detected by Red Canary in 2023. This is a notable rise from 46th place in 2022: detection volume grew 16x and three times as many customers were affected.
- Email Forwarding Rule Abuse: Instances of malicious email forwarding rules surged by nearly 600 percent in 2023. Attackers exploited compromised email accounts to redirect sensitive communications, manipulate payroll or wire transfer destinations, and reroute funds into their accounts, posing serious risks to organizations.
- Ransomware Precursors: Half of the top threats identified in the report are ransomware precursors, emphasizing the persistent threat of ransomware attacks and their detrimental impact on businesses.
Emerging Threats and Trends:
- macOS Vulnerabilities: Red Canary observed a notable increase in macOS threats, including heightened stealer activity and instances of reflective code loading and AppleScript abuse, underscoring the need for enhanced security measures in macOS environments.
- Diverse Attack Vectors: The report highlights broader trends such as the emergence of generative AI, the continued abuse of remote monitoring and management (RMM) tools, and the prevalence of web-based payload delivery methods like SEO poisoning and malvertising. Social engineering tactics, such as help desk phishing, also remain highly effective for adversaries.
Insights and Recommendations:
- Identity Protection: Keith McCammon, Chief Security Officer at Red Canary, emphasizes the critical importance of securing corporate identities and identity providers, as many attacks target privileged credentials to gain unauthorized access to valuable accounts.
- Sector-Specific Threats: While adversaries rely on a consistent set of techniques across sectors, certain industries experience tailored threats. Understanding sector-specific risks, such as Visual Basic and Unix Shell exploits in healthcare, enables organizations to fortify their defenses effectively.
Recommended Actions:
- Validate Defenses: Organizations are urged to assess their defenses against top threats and techniques, leveraging resources like Red Canary’s open-source test library, Atomic Red Team, to enhance security posture.
- Patch Management: Regular patching of vulnerabilities remains essential in mitigating risks and preventing exploitation by adversaries.
- Cloud Expertise: Organizations should prioritize cloud expertise, ensuring proper permissions and configurations while monitoring cloud activity effectively to distinguish between suspicious and legitimate behavior.
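One way to apply the cloud-monitoring recommendation above to the forwarding-rule abuse described earlier, as an added example that is not part of the report or this article: the script below scans constructed records shaped like Exchange Online inbox-rule audit events and flags rules that forward or redirect mail outside the organisation, delete the forwarded copy, or carry a blank name. The schema approximation, the internal-domain list and the sample records are assumptions.

```python
import re

# Assumption: the organisation's own mail domains; anything else is "external".
INTERNAL_DOMAINS = {"example.com"}
RULE_OPS = {"New-InboxRule", "Set-InboxRule"}
FORWARD_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
ADDR_RE = re.compile(r"[\w.+-]+@[\w.-]+")

# Constructed sample records approximating the Exchange admin audit schema
# (Operation, UserId, Parameters as a list of Name/Value pairs).
SAMPLE_LOG = [
    {"Operation": "New-InboxRule", "UserId": "alice@example.com",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "ForwardTo", "Value": "Finance [SMTP:attacker@evil-example.net]"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"Operation": "New-InboxRule", "UserId": "bob@example.com",
     "Parameters": [{"Name": "Name", "Value": "Invoices"},
                    {"Name": "MoveToFolder", "Value": "Invoices"}]},
    {"Operation": "Set-InboxRule", "UserId": "carol@example.com",
     "Parameters": [{"Name": "RedirectTo", "Value": "carol.backup@example.com"}]},
]

def target_domains(value):
    """Mail domains in a forwarding value: a plain address, a
    'Display Name [SMTP:addr]' string, or several joined by ';'."""
    return {m.lower().split("@", 1)[1] for m in ADDR_RE.findall(str(value))}

def analyse_rule_event(event, internal_domains=INTERNAL_DOMAINS):
    """Return findings for one audit record; an empty list means nothing suspicious."""
    if event.get("Operation") not in RULE_OPS:
        return []
    params = {p["Name"]: p["Value"] for p in event.get("Parameters", [])}
    findings = []
    for name in FORWARD_PARAMS:
        if name in params:
            external = target_domains(params[name]) - internal_domains
            if external:
                findings.append(f"{name} to external domain(s): {', '.join(sorted(external))}")
    if str(params.get("DeleteMessage", "")).lower() == "true":
        findings.append("rule deletes messages (hides the forwarded mail from the owner)")
    # Set-InboxRule may omit Name, so only judge it when present.
    if "Name" in params and len(str(params["Name"]).strip()) <= 1:
        findings.append("rule name is blank or a single character")
    return findings

def scan(events, internal_domains=INTERNAL_DOMAINS):
    """Map each user with a suspicious rule event to its findings."""
    return {e["UserId"]: f for e in events if (f := analyse_rule_event(e, internal_domains))}
```

Run against a real export, the same logic applies once the records are parsed from JSON; tune the internal-domain set and add any sanctioned forwarding destinations to avoid noise.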
Upcoming Event:
- Cloud Transformation Conference: For business and technology leaders seeking insights into cloud adoption and transformation, the upcoming Cloud Transformation Conference offers a valuable opportunity to explore practical strategies and emerging trends in the cloud landscape.