Identity-based attacks and living-off-the-land behaviors were the top threats organizations faced in 2021, according to a new research report by Blumira, a detection and response specialist.
Blumira released its 2022 State of Detection and Response Report against the backdrop of an increasingly challenging threat landscape of ransomware, software supply chain attacks, data breaches and more. The report is based on 33,911 key findings drawn from a sample of 230 organizations over the course of 2021.
Blumira pointed out that, according to an IBM report on the cost of a data breach, the average time to detect and respond to a breach is 287 days, which underlines the need for solutions that shorten the time to detect and respond, counting the time to deploy the tooling itself. "Organizations, especially small and medium-sized businesses, need help with faster detection and response to keep up with the latest threats and protect against breaches," said Jim Simpson, Blumira chief executive. "Expediting time to security for faster response is key to better overall security outcomes."
Blumira claims that its solution's average time to detect a threat is 32 minutes, while the average time to respond, defined as how quickly an organization closed out a finding, was six hours. Compared to the industry average, Blumira says its time to detect and respond is 99% faster. Note that the two figures measure different things: Blumira's is the time to close out an individual finding, while IBM's 287 days covers identifying and containing a confirmed breach.
Here are some of the study’s top findings:
- Organizations that moved to cloud services to support remote workers without a solid understanding of their exposed attack surface left a knowledge gap, and threat actors take advantage of it by exploiting, misusing or stealing user identities.
- Authentication attempts against a honeypot login page, a decoy designed specifically to lure attackers, were Blumira's #1 finding of 2021. Identity-driven techniques accounted for three of Blumira's top five findings (60%). Cloud environments are particularly exposed to credential stuffing, phishing, password spraying and similar attacks.
- Living-off-the-land techniques, in which threat actors use an environment's built-in tools so that their activity looks like that of legitimate users, play out over days or weeks and can go undetected by endpoint detection and response solutions that rely on recognizing known malicious tools. By the time the attacker deploys malware, it may be too late.
- Microsoft 365 is one of the most popular cloud productivity suites. Attackers showed recurring patterns of Microsoft 365-related activity, including password spraying, lateral movement and business email compromise.
- Investing in solutions that shorten the time to detect and respond, including the time to deploy them, can lower costs for organizations.
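Two of the findings above, password spraying against cloud sign-in and authentication attempts against a decoy login, can be detected from sign-in logs alone, and the two rules have different shapes. The following is an added example written for this article; it is not Blumira's code or taken from the report. The log format, the 10-minute window, the five-account threshold and the decoy account name `svc-backup-admin@example.com` are all assumptions made for the example, and the sample sign-in events are constructed, not real data.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample sign-in events: timestamp, source IP, account, result.
# These lines are made up for the example and are not drawn from any real tenant.
SAMPLE_LOG = """\
2021-06-01T10:00:01Z 203.0.113.5 alice@example.com FAIL
2021-06-01T10:00:03Z 203.0.113.5 bob@example.com FAIL
2021-06-01T10:00:05Z 203.0.113.5 carol@example.com FAIL
2021-06-01T10:00:08Z 203.0.113.5 dave@example.com FAIL
2021-06-01T10:00:10Z 203.0.113.5 erin@example.com FAIL
2021-06-01T10:00:12Z 203.0.113.5 frank@example.com SUCCESS
2021-06-01T10:01:00Z 198.51.100.7 alice@example.com FAIL
2021-06-01T10:01:30Z 198.51.100.7 alice@example.com FAIL
2021-06-01T10:02:00Z 198.51.100.7 alice@example.com SUCCESS
2021-06-01T11:15:00Z 192.0.2.9 svc-backup-admin@example.com FAIL
2021-06-01T11:15:04Z 192.0.2.9 svc-backup-admin@example.com FAIL
"""

# Hypothetical honeypot identity: it exists only to be attacked and has no real user.
DECOY_ACCOUNTS = {"svc-backup-admin@example.com"}


def parse_events(log_text):
    """Parse the simple space-separated format above into sorted event dicts."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, account, result = line.split()
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "ip": ip,
            "account": account.lower(),
            "ok": result == "SUCCESS",
        })
    events.sort(key=lambda e: e["time"])
    return events


def detect_password_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """Flag a source IP that fails against >= min_accounts distinct accounts within `window`.

    Spraying is one or two guesses per account, so per-account lockout counters never
    fire; the signal is breadth across accounts from one source, not depth on one account.
    Returns {ip: sorted list of sprayed accounts} for the widest window seen per IP.
    """
    by_ip = defaultdict(list)
    for e in events:
        if not e["ok"]:
            by_ip[e["ip"]].append(e)
    findings = {}
    for ip, fails in by_ip.items():  # fails are already in time order
        start = 0
        for end in range(len(fails)):
            while fails[end]["time"] - fails[start]["time"] > window:
                start += 1  # slide the window forward
            accounts = {f["account"] for f in fails[start:end + 1]}
            if len(accounts) >= min_accounts and len(accounts) > len(findings.get(ip, ())):
                findings[ip] = sorted(accounts)
    return findings


def spray_then_success(events, spray_findings):
    """Successful sign-ins from an IP already flagged for spraying.

    This is the actionable part of the finding: the account that accepted a sprayed
    password is the one whose password to reset and whose sessions to revoke.
    """
    return [(e["ip"], e["account"]) for e in events if e["ok"] and e["ip"] in spray_findings]


def detect_decoy_logins(events, decoy_accounts):
    """Any authentication attempt against a decoy identity is a finding.

    The account has no legitimate user, so success or failure is irrelevant and the
    threshold is one. Returns {ip: number of attempts against decoys}.
    """
    hits = defaultdict(int)
    for e in events:
        if e["account"] in decoy_accounts:
            hits[e["ip"]] += 1
    return dict(hits)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    spray = detect_password_spray(evs)
    print("password spray:", spray)
    print("post-spray successes:", spray_then_success(evs, spray))
    print("decoy logins:", detect_decoy_logins(evs, DECOY_ACCOUNTS))
```

On the constructed data, 203.0.113.5 is flagged for spraying five accounts and then succeeding against a sixth, 192.0.2.9 is flagged for touching the decoy, and 198.51.100.7 is not flagged by either rule: three failures against a single account is a different shape (brute force or a user mistyping) and needs its own rule with its own threshold, which is why a spray detector keyed on account breadth does not double as a lockout counter.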