Expel, a renowned security operations center (SOC), has released its Quarterly Threat Report (QTR), which highlights the latest trends, notable behaviors, and attacks witnessed in the previous quarter. By sharing how attackers gained access and how Expel successfully prevented them, the QTR serves as a valuable resource to inform an organization’s security strategy. The report analyzes various incidents and finds that 56% of all incidents involved account compromise or account takeover in Microsoft 365, and that 23% of incidents were related to the deployment of commodity malware and malware families associated with pre-ransomware operations. Session cookie theft via attacker-in-the-middle (AiTM) phishing tripled from the previous quarter, accounting for 15% of all identified phishing attacks. The most commonly exploited vulnerability was the MOVEit Transfer zero-day, followed closely by a 10-year-old vulnerability. The Expel QTR also provides detailed information and recommendations that organizations can implement immediately to enhance their security measures.
Key points:
1. Expel’s Quarterly Threat Report (QTR) offers valuable insights into the latest trends and attacks witnessed in the previous quarter.
2. Account compromise or account takeover in Microsoft 365 accounted for 56% of all incidents identified by Expel.
3. The deployment of commodity malware and malware families linked to pre-ransomware operations represented 23% of all incidents.
4. Session cookie theft via attacker-in-the-middle (AiTM) phishing saw a significant increase, tripling from the previous quarter and comprising 15% of all identified phishing attacks.
5. The most commonly exploited vulnerability identified by Expel was the MOVEit Transfer zero-day, followed closely by a 10-year-old vulnerability.
6. The Expel QTR provides organizations with detailed information and recommendations to enhance their security measures and protect against these threats.