Quarterly Threat Report and defenderโs cheat sheet for Google Cloud Platform help organizations stay ahead of cybersecurity threats.
Expel, the managed security provider that aims to make security easy to understand, use and improve, unveiled new threat research and cloud detection, response and remediation resources at Black Hat USA 2022.
โAs defenders, we need to use every advantage we have. One of those is all of us being part of a defense community, sharing knowledge about threats, vulnerabilities, defensive strategiesโto better protect each other,โ said Dave Merkel, CEO and co-founder of Expel. โI hope our threat intel and cloud security resources are useful to both our customers and the cybersecurity community at large.โ
Latest ITechnology News:ย Amdocsโ Vubiquity Expands Content Services Agreement with Oi
Quarterly Threat ReportโQ2 2022.ย The Expel Quarterly Threat Report (QTR) showcases the established and emerging trends and incidents the Expel security operations center (SOC) team observed across customer environments. The SOC team gathers its findings through investigations into alerts, email submissions, and hunting leads and threats from the second quarter of 2022 (April 1 to June 30). A thorough analysis of incidents identifies patterns and trends to help guide strategic decision-making and operational processes.
Some key takeaways from the QTR include:
- Identity-based attacksโwhich include credential theft, credential abuse, and long-term access key theftโaccounted for 56% of all incidents identified by the Expel SOC in Q2.
- Ransomware threat groups and their affiliates have mostly abandoned the use of Visual Basic for Application (VBA) macros and Excel 4.0 macros to gain initial entry to Windows-based environments.
- Fourteen percent of identity attacks against cloud identity providers satisfied the multi-factor (MFA) requirement by continuously sending โPushโ notifications to users until they approved.
The QTR also outlines recent findings in business email compromise (BEC), business application compromise (BAC), phishing, and cloud security incidents, among others topic areas. Download the QTR for Q2 2022ย here.
Latest ITechnology News:ย AdvoLogix Powers Integration Between iManage and Salesforce Sales Cloud
MITRE ATT&CK in Google Cloud Platform: A defenderโs cheat sheet.ย As threat actors increasingly operate in the cloud, the Expel SOC team observes their activity and strategies to share information to educate defenders.ย The MITRE ATT&CK guide for Google Cloud Platform (GCP) contains a breakdown of the tactics the Expel SOC team sees attackers use most often during attacks in GCP. The guide also includes best practices for investigating incidents, and helps inform organizationsโ GCP alert triage, and incident response to quickly remediate issues. Lastly, this cheat sheet includes a โmind mapโ that lays out the relationship between MITRE ATT&CK tactics, GCP services, and API calls to help security teams better understand how threat actors execute attacks. To learn more and download the defenderโs cheat sheet for MITRE ATT&CK in GCP, visit thisย page.
Expel Cloud Detection and Response. Expel ingests events and log data from GCP, Amazon Web Services (AWS), and Azure and enriches it with customer-specific context such as the type of environment (e.g., production, development) or user (e.g., admin) to hone detection based on risk and expected behaviors. Expel layers on the detections, ingesting security signal from cloud-native services and writing custom detections tailored to each cloud provided from the logs in the cloud admin control plane. Expelโs cloud infrastructure strategy is focused on catching misconfigurations, suspicious logins and unusual admin activity, like resource sharing.
Latest ITechnology News:ย SimSpace Chooses The Nuvias Group as its First Distributor in the UK
[To share your insights with us, please write toย sghosh@martechseries.com]
