Blumira on Wednesday released a report that said identity-based attacks and living-off-the-land behaviors were the top two threats organizations faced in 2021.
The new data was based on an analysis of Blumira’s security detections across log datasets of 230 organizations.
Among the leading findings was that identity attacks surged. Attempts to authenticate into a honeypot, or a fake log-in page designed to lure attackers, were Blumira’s No. 1 finding of 2021. Identity-driven techniques accounted for three of Blumira’s top five findings, or 60%.
The past few years accelerated change in the modern workplace with regard to how employees use tools to access and get work done, said Jim Simpson, CEO at Blumira. Simpson said that, unfortunately, threat actors are acutely aware that those changes often create security gaps, especially when it comes to managing identities.
“The rise in identity-based attacks that we observed is a reminder that organizations need more visibility across their environments, especially cloud and hybrid environments,” Simpson said.
Zane Bond, director of product management at Keeper Security, said most attacks have several phases, from initial compromise, to recon, lateral movement, and then exfiltration. Bond said these identity-based attacks became a little easier after COVID, because everyone needed remote access to systems, and that access was set up in a hurry.
“Companies were focused more on getting everyone up and working than they were on security,” Bond said. “Using a password manager, in conjunction with a secrets management solution, can mitigate many of these types of attacks. Secure browser extensions, long, randomized passwords, and secure sharing largely mitigate password spraying, credential stuffing, and phishing. Even post-compromise, a secrets management solution can ensure that highly privileged credentials are not long standing on the target, but are only retrieved at runtime.”
Erkang Zheng, founder and CEO at JupiterOne, said that identity-defined security has become essential to organizations today. Zheng added that cybersecurity and infrastructure tooling shouldn't operate in silos.
“Identity is not a tool that’s meant to stand alone,” Zheng said. “A strong security program connects identity directly to the infrastructure and security-related cyber assets in the enterprise. Without identity connections and context, security remains weak.”