A combination of persistent insider threats, cloud infrastructure misuse and abuse, and sophisticated advanced attacks has fostered a riskier environment, and the report revealed that new vulnerabilities are being identified at nearly double the pace of 2021, according to Securonix.
In response to the rise in the number of observed global threats, Securonix Autonomous Threat Sweeper (ATS) distributed 482% more threat awareness notifications to subscribers than it did a year ago.
The 2022 Securonix Threat Report found that threats have become more complex and sophisticated in evolving, perimeter-less environments.
As corporate networks extend to the cloud in support of a distributed workforce, threat actors are taking advantage of the security gaps presented by this expanded attack surface.
Securonix research revealed that indicators of compromise (IOCs) are up 380% year-over-year and that the number of threats detected, analyzed and reported has increased by 218% during that time.
“The four areas that have been persistently active over the past 12 months are insider threats, cloud infrastructure, ransomware attacks, and IoT / OT attacks,” said Kayzad Vanskuiwalla, director of Cyber Threat Hunting and Intelligence at Securonix.
“As attack methods continue to shift, it is imperative that security teams understand these techniques and implement a plan that builds a foundation to integrate with the required data sets across all these relevant focus areas,” said Vanskuiwalla. “This allows organisations to leverage preemptive detection strategies, improve their mean time to respond and maintain a strong security posture.”
According to the report, increased reliance on cloud infrastructure has led to insiders modernising their approach to data exfiltration.
Securonix research found that amid the growing use of cloud storage and sharing platforms, email (68%) and content management products (68%) are the top egress vectors.
Leveraging cloud apps and business collaboration services rather than traditional channels like USB has broadened the attack surface and created more opportunities for corporate data theft.
The report also found that users remain the primary cause of potential risk to cloud infrastructure, with challenges ranging from unintended platform modifications to inconsistent assigned privileges.
Securonix Threat Labs also observed an increase in nation-state actors misusing public cloud infrastructure services, evading defenses and setting up attack networks on major cloud platforms with relative ease.
Securonix research revealed that threat actors and nation-state-sponsored attackers are taking advantage of a larger attack surface, and that ransomware activity has increased this year.
This has amplified the need for robust endpoint and network telemetry data to proactively investigate and detect threats. According to the report, collecting raw endpoint or network traffic analytics alone improves the detection of more than 70% of the methods described by MITRE ATT&CK.
The adoption rate of IoT devices is rapidly increasing and Securonix found that IoT and OT environments are a growing area of concern for enterprise organizations.
IoT devices hold a considerable amount of user data, and the consequences of a security breach can be highly damaging because a breach impacts both virtual and physical systems.
The report notes it is critical for security teams to understand the unique characteristics of IoT and OT that can be vulnerable to, and exploited by, adversaries.