[ad_1]
Many organizations still rely on passwords as the primary defense mechanism to protect digital assets and accounts. However, the evolving threat landscape has made traditional password-based authentication inadequate in the face of sophisticated tactics adopted by adversaries. The worrying rise of identity-based attacks, which take advantage of compromised credentials and vulnerabilities in multi-factor authentication (MFA) and application programming interface (API) keys, has exposed a critical vulnerability that is threatening organizations. And puts individuals equally at risk.
MFA, once considered a strong security measure, has become a prime target for cybercriminals. These adversaries employ sophisticated tactics to bypass this additional layer of security, including exploiting vulnerabilities in authentication methods such as one-time passwords (OTP) through SIM swapping, SS7 attacks, or social engineering schemes aimed at The trick is to trick users into revealing credential information. As a result, organizations and individuals alike face increasing risks in the digital sphere.
After initiating the breach, adversaries waste no time in deploying tools or malware in the victim’s environment, and are able to complete the process within seconds during an interactive intrusion. One way to speed up any intrusion is to rely on detection attacks; In doing so, adversaries often gain credentials through phishing and social engineering and exploit vulnerabilities and trusted relationships rather than using traditional malware. This shift is evident in the increase in malware-free activity, which accounted for 75% of detections in 2023, up from 71% in 2022, according to the CrowdStrike Global Threat Report 2024.
Furthermore, access brokers – who obtain access to organizations and sell it to other criminal entities – contribute significantly to this trend, with the number of advertised access increasing by almost 20% in 2023 compared to the previous year.
The average breakout time for interactive e-crime intrusion activity has reduced from 84 minutes in 2022 to just 62 minutes in 2023. In some cases, adversaries have gained initial access in as little as two minutes and seven seconds, highlighting the organizations’ urgent need. Enhance your security and gain visibility across your entire system through the AI-native Extended Detection and Response (XDR) platform.
Particularly worrisome is the trend of theft of API keys, session cookies, other identity data, and Kerberos tickets, allowing adversaries to impersonate legitimate users and gain unauthorized access to resources. This ability to impersonate trusted entities significantly increases the risk of data breaches, financial loss, and reputational damage. As cyberattacks become more sophisticated and faster, organizations must prioritize identity security in 2024.
As organizations are increasingly adopting cloud computing for its agility and scalability, cloud environments have also become prime targets of identity-based attacks. In 2023, cloud-aware intrusions increased by a staggering 75%, with e-crime actors responsible for 84% of these incidents.
Adversaries have demonstrated a deep understanding of cloud environments, leveraging legitimate tools to exploit identities and rights, and move between on-premises and cloud infrastructures.
To address this growing threat of identity-based attacks, organizations must implement a comprehensive, multi-layered strategy that emphasizes identity protection, strong cloud security measures, and unified visibility across the entire attack surface. Here are some essential steps organizations should consider:
● Protect identities: With the increase in identity-based attacks, it is essential to implement identity threat protection capabilities and deploy technology capable of detecting and correlating threats across identities, endpoints, and cloud environments. It is also important to prioritize phishing-resistant MFA solutions and extend their coverage to legacy systems and protocols. Educate employees on how to recognize and respond to social engineering tactics.
● Secure Cloud: As cloud adoption continues to accelerate, ensure full visibility into applications and APIs to eliminate misconfigurations and vulnerabilities. Cloud-native application protection platforms (CNAPPs) provide integrated monitoring and protection to discover and map attack surfaces, threats, and critical business risks.
● Increase visibility: Gain insight into critical areas of risk, by consolidating security solutions into a unified platform with AI capabilities. This allows organizations to detect and prevent breaches more efficiently.
● Improve reaction time: Opponents are getting faster. If organizations want to win the race against adversaries, they need to empower their security teams to respond rapidly and effectively to emerging threats. The best way to do this is to adopt modern cybersecurity platforms and embrace generative AI capabilities.
● Promoting a cybersecurity culture: While technical solutions are important, human factors remain a critical component of effective cybersecurity. Organizations should empower users with awareness programs to combat phishing and social engineering threats and conduct regular tabletop exercises and red/blue teaming to identify deficiencies and strengthen cybersecurity practices and incident response capabilities .
In the era of MFA hacks and API major vulnerabilities, relying solely on traditional security measures is no longer enough. By prioritizing identity protection, cloud security and unified visibility, and fostering a strong cybersecurity culture, businesses can strengthen their defenses against the constantly evolving threat landscape and mitigate the risks posed by identity-based attacks. Are.
This article is written by Fabio Frattusello, CTO International at CrowdStrike.
[ad_2]
