Create a free Industrial Equipment News account to continue

Report Finds Historic Shift in Hacker Tactics

While the threat landscape continues to shift and evolve, attackers’ motivations do not.

Online Safety And Security

Red Canary recently unveiled its sixth annual Threat Detection Report, examining the trends, threats, and adversary techniques that organizations ought to prioritize. The report tracks MITRE ATT&CK® techniques that adversaries abuse most frequently throughout the year, and two new and notable entries soared to the top 10 in 2023:

  • Email Forwarding Rule
  • Cloud Accounts. 

Red Canary’s latest report provides analysis of nearly 60,000 threats detected with the more than 216 petabytes of telemetry collected from customers’ endpoints, networks, cloud infrastructure, identities, and SaaS applications. The research shows that while the threat landscape continues to shift and evolve, attackers’ motivations do not. The classic tools and techniques adversaries deploy remain consistent–with some notable exceptions.

Red Canary also noted several broader trends impacting the threat landscape, such as the emergence of generative AI, the continued prominence of remote monitoring and management (RMM) tool abuse, the prevalence of web-based payload delivery like SEO poisoning and malvertising, the increasing necessity of multi-factor authentication (MFA) evasion techniques, and the dominance of brazen but highly effective social engineering schemes such as help desk phishing.  

“The top 10 threats and techniques change minimally year over year, so the drift that we’re seeing in the 2024 report is significant. The rise of cloud account compromises from 46 to number 4 is unprecedented in our dataset–and it’s a similar story with email forwarding rules,” said Keith McCammon, Chief Security Officer, Red Canary.

Key findings include:  

  • Cloud Accounts was the fourth most prevalent MITRE ATT&CK technique Red Canary detected in 2023, rising from 46th in 2022, increasing 16x in detection volume and affecting three times as many customers in 2023 than in 2022.
  • Detections for malicious email forwarding rules rose by nearly 600 percent, as adversaries compromised email accounts, redirected sensitive communications to archive folders and other places users are unlikely to look, and attempted to modify payroll or wire transfer destinations, rerouting money into the criminal’s account.
  • Half of the threats in top 10 leveraged malvertising and/or SEO poisoning, occasionally leading to more serious payloads like ransomware precursors.
  • Half of the top threats are ransomware precursors that could lead to a ransomware infection if left unchecked, with ransomware continuing to have a major impact on businesses.
  • Despite a wave of new software vulnerabilities, humans remained the primary vulnerability that adversaries took advantage of in 2023.
  • Uptick in macOS threats–in 2023 Red Canary detected more stealer activity in macOS environments than ever before, along with instances of reflective code loading and AppleScript abuse.
  • Container escapes–where adversaries exploit vulnerabilities or misconfigurations in container kernels and runtime environments to “escape” the container and infect the host system.
  • Reflective code loading is allowing adversaries to evade macOS security controls and run malicious code on otherwise hardened Apple endpoints.
  • Manufacturing: Replication through removable media, such as USBs, was more common—likely due to a reliance on air-gapped or pseudo air-gapped physical infrastructure and legacy systems.
  • Patching vulnerabilities is key. It remains tried and true as one of the best ways to insulate yourself from risk.

The full report can be found here, as well as the condensed executive summary

More in Advanced Mfg