Guest Editorial by Ben Brigida, Director, SOC Operations, Expel
While there’s no tried-and-true crystal ball, one of the more reliable ways to predict the future is to observe recent trends.
As a security operations provider, Expel is uniquely positioned to observe and analyze security trends across a wide range of customers and industries.
In the interest of information sharing to inform the defender community better, we publish what we observe in an annual report designed to increase public awareness of the most pressing security trends facing today’s organizations. This year’s report highlights the most notable security trends from 2022 and how they’ll continue to impact the threat landscape throughout 2023.
Among the trends highlighted in the report are ongoing threats to identity and cloud security, the growth of ransomware, and the success of nefarious phishing tactics. The full report is available here for a more in-depth analysis of the findings.
Below, we walk through some of the latest ‘Great eXpeltations’ report’s most important discoveries and recommendations for detecting and preparing for today’s advanced threats.
Identity Threats Continue to Reign Supreme
The prevalence of identity-based threats is hardly news to anyone in the security industry. Still, it’s important to understand adversaries’ specific attack tactics to gain access to those identities.
Business email compromise (BEC) remains the most common method, accounting for 50% of all incidents in the report. Nearly all detected BEC attempts (99%) occurred within Microsoft365, underscoring that attackers are continuing to circumvent the platform’s protections.
Of those, 11% bypassed multi-factor authentication (MFA) using legacy protocols (which are now disabled by default for Microsoft 365), and tactics like adversary-in-the-middle (AiTM) phishing attacks are increasingly used to gain initial access.
(In today’s hybrid and multi-cloud world, where every identity represents a potential attack path to an organization’s most valuable assets, traditional network barriers are not enough to secure the perimeter. That’s the importance of a robust Identity Security strategy. See how your organization can embrace a Zero Trust approach to protecting an ever-expanding number and diversity of identities. Courtesy of CyberArk, the 2022 ‘ASTORS’ Homeland Security Award Winner for Best Privileged Access Security Solution for its CyberArk Identity Security Platform, and YouTube.)
This is no small problem: over half of the organizations experienced at least one BEC attempt during 2022, and one was targeted 104 times. Many of these attacks targeted systems like Workday, which helps organizations manage their employees.
Upon gaining access to these systems, attackers can modify a compromised user’s payroll settings to add the attacker’s direct deposit information, rerouting the victim’s paycheck directly to the attacker’s account. This is notable because it highlights the blurring of the lines between BEC and BAC (business application compromise) attacks: access to an email account is often no longer the attacker’s ultimate destination but a potential pathway to another platform like Workday.
These trends have continued into 2023, and businesses need a plan to deal with them. A good first step is to deploy phish-resistant MFA using Fast ID Online 2 (FIDO)—or, if FIDO-only authentication is unrealistic, disable the option for email, SMS, voice, and time-based one-time passwords (TOTPs) in favor of more secure push notifications.
(See how Expel for Phishing eliminates the time required to sift through suspicious emails. How? Your employees send potential phishing emails, and Expel analysts take it from there, doing all the investigative work then advises you and your employee whether the email was malicious or not. Expel go beyond just looking at the email. Integration with your endpoint detection and response (EDR) tool allows them to scope the impact by determining all users who clicked on the email. Courtesy of Expel and YouTube.)
It’s also a good idea to block access to authentication systems from suspicious network zones based on IP addresses, autonomous system numbers (ASN), IP types, and geolocation. These steps won’t solve every problem—but with attackers continuing to deploy these same tactics in 2023 and beyond, they will certainly help.
Cloud Security Incidents Are Rising Rapidly
Cloud security incidents increased by 70 percentage points over 2021. This makes sense—as cloud adoption continues to soar, so will attacks targeting the cloud—but that doesn’t make it any less concerning.
As with identity threats, attackers are beginning to move away from authenticating via legacy protocols and instead toward frameworks like Evilginx2 and AiTM phishing attacks to bypass MFA security. This can be addressed by adopting FIDO and certificate-based authentication, but most organizations have yet to adopt FIDO factors for MFA.
Attackers accessed cloud infrastructure by either compromising cloud credentials (44%) or exploiting a service or application running on a cloud compute instance to engage in configuration abuse (56%) and the deployment of cryptocurrency miners (20%) or commodity malware (13%) were among the most common outcomes. As commodity malware becomes easier for attackers to obtain and crypto mining continues to be lucrative for attackers, neither trend is going anywhere.
Protecting against cloud attacks is difficult, but steps like avoiding static identity and access management (IAM) credentials can help.
Adopting a zero-trust mentality is also a good idea, and organizations should separate high-privilege permissions into different groups and roles, only providing access as needed. Other steps, like periodically rotating permanent access keys, limiting (and alerting on) root access and usage, and enforcing least privilege controls, can also help.
(It’s no secret that much of the world’s malware and ransomware makes it to organizations through infected files. This overview video explains how Zero Trust Content Disarm and Reconstruction (CDR) strips malware from office documents, images, and PDFs. Put an end to Zero Day malware with Forcepoint Zero Trust CDR, which took home the Gold for Best Phishing Defense Solutions in the 2022 ‘ASTORS’ Homeland Security Awards Program. Courtesy of Forcepoint and YouTube.)
Ransomware Isn’t Going Away
Unfortunately, ransomware is here to stay. Pre-ransomware activity accounted for 11% of all incidents in the report, a notable increase of seven percentage points over 2021.
In 44% of those incidents, attackers used zipped JavaScript files to gain initial access. In another 12%, ISO files were used instead.
This is particularly interesting, as it appears to mark a new tactic for attackers—in 2021, we never observed attackers using ISO files to gain initial access. Also interesting is that 9% of ransomware incidents start from an infected USB drive. Even as attackers grow more creative and their tactics more advanced, older methods continue to find success.
Ransomware should concern every industry, but manufacturing, entertainment, and legal services lead the way in the report. This means detecting and stopping ransomware should be a priority for every business.
A few simple steps can help, such as configuring JavaScript, Windows Script Files, and HTML for application files to open with Notepad rather than allowing them to execute directly.
Other steps include disabling macros in files downloaded from the internet and ensuring regular patching and updating cadence for all software and hardware.
Phishing Attacks Still Work
Phishing tends to go hand-in-hand with identity-based attacks, but it’s worth calling out specifically, given its prevalence.
Of the malicious email submissions included in the report, 88% were credential harvesters, highlighting that credential theft via phishing remains a major focus for today’s attackers. Although phishing tactics are fairly well known, attackers are improving—finding new ways to prompt engagement, including personalized, urgent-seeming subject lines.
Actionable, time-sensitive, and financially driven social engineering themes are the most successful at fooling recipients into engaging with the attacker.
As long as attackers continue to find success with phishing emails, they will continue to deploy them. Organizations looking to defend themselves should start by ensuring FIDO-based MFA is used whenever possible.
They should also consider deploying a secure email gateway (SEG) to monitor incoming and outgoing messages for suspicious activity and to invest in security training to help employees recognize evolving phishing tactics.
(With up to 95 % of security breaches involving human error, only 11% of global companies conduct monthly security awareness training. See how to target your weakest link – human error – with Mimecast’s fun-loving Awareness Training modules. Courtesy of 2022 ‘ASTORS’ Multi Homeland Security Award Champion Mimecast and YouTube.)
Preparing for the Future
Understanding recent trends can help organizations better prepare for future threats.
The recent increase in cloud-based attacks offers clear insight into where adversaries see opportunities to exploit potential vulnerabilities. Understanding how their tactics have evolved can help businesses protect themselves moving forward.
Although challenges like identity-based attacks, ransomware, and phishing are not new, identifying how and why those attacks are still finding success is important. The security trends of 2022 are still making themselves known in 2023—and those organizations that do not learn from the past are doomed to repeat it.
To read the full Great eXpeltations 2023: Cybersecurity Trends and Predictions report, click here.
(Hear from Dave Merkel, Co-founder and CEO at Expel about their Great eXpeltations – the company’s annual cybersecurity trends and predictions report, including a little behind why they’ve made this thing and a sneak peak at what you can expect in it. Learn more about the most important infosec threats, what to do about them, and predictions for the year ahead. Courtesy of Expel and YouTube.)
About the Author
Ben Brigida is the Director of SOC Operations at Expel. In this role, he’s responsible for making sure Expel maintains the quality of delivery customers have come to expect.
Bridgida has been with Expel since the company’s inception in 2016. Before Expel, Ben worked in FireEye’s security operations center (SOC).
Learn More…
CyberArk, Forcepoint, and Mimecast Score Wins in 2022 ‘ASTORS’ Awards Program
American Security Today’s Annual ‘ASTORS’ Awards is the preeminent U.S. Homeland Security Awards Program, and now entering it’s Eighth Year, continues to recognize industry leaders of Physical and Border Security, Cybersecurity, Emergency Preparedness – Management and Response, Law Enforcement, First Responders, as well as federal, state and municipal government agencies in the acknowledgment of their outstanding efforts to Keep our Nation Secure.
CyberArk
Best Identification Management Solution
-
CyberArk Identity Security Platform
-
The CyberArk Identity Security Platform is an end-to-end identity access management solution that enforces privilege, enables access, and secures DevOps.
-
The CyberArk Identity Security platform is centered on privileged access management and offers the most complete and flexible set of least privilege-based identity and access capabilities, and is used to protect agencies across all three branches of the U.S. federal government – including multiple Department of Defense deployments
-
The CyberArk Identity Security platform is centered on privileged access management and offers the most complete and flexible set of least privilege-based identity and access capabilities, and is used to protect agencies across all three branches of the U.S. federal government – including multiple DoD deployments.
-
CyberArk delivers a comprehensive privileged access management solution designed to eliminate advanced cyber threats by identifying existing privileged accounts across networks, then proactively managing, monitoring, and protecting those accounts to reduce risk and improve security and compliance.
-
CyberArk continuously scans and monitors environments to discover and manage privileged credentials, isolates those credentials, so they are never exposed to an end-user, isolates privileged sessions to safeguard critical systems, and automatically records and stores those sessions to enhance audit capabilities.
(Learn more from Udi Mokady, Co-Founder, Chairman & CEO of CyberArk, in his recent keynote address at Cybertech Global Tel Aviv Expo. Courtesy of CyberArk and YouTube.)
- *CyberArk was also recognized as a 2021, 2020, 2019, and 2018 ‘ASTORS’ Awards Champion in the Annual Homeland Security Awards Programs, respectively.
Forcepoint
Best Phishing Defense Solutions
-
Zero Trust Content Disarm and Reconstruction
-
Forcepoint is leading the shift from outdated and ineffective malware and ransomware detection strategies to a proven prevention strategy rooted in Zero Trust principles.
-
With its Zero Trust Content, Disarm, and Reconstruction (ZT CDR) solution, Forcepoint gives IT and security teams a fresh new way to proactively protect their organization from ever-increasing malware and ransomware threats.
-
Forcepoint ZT CDR differentiates itself from traditional security inspection solutions by, instead of trying to detect the presence of malware; it assumes nothing can be trusted. It extracts only valid business information from files – either discarding or storing the originals and any malware they might contain – and then builds brand new, fully functional files to carry the information to its destination.
-
Pivoting from detection to prevention in this way is especially important with the recent evolution in hybrid workforces and digital transformation, and their resultant usage of content and electronic information everywhere.
-
By leveraging a data-first approach to malware threat removal, ZT CDR is revolutionary for mitigating the threat of compromised data that could lead to breaches.
(It’s no secret that much of the world’s malware and ransomware makes its way to organizations through infected files. See briefly how Zero Trust Content Disarm and Reconstruction (CDR) strips malware from office documents, images, and PDFs to put an end to Zero Day malware. Courtesy of Forcepoint and YouTube.)
-
*Forcepoint was also a recognized in the 2021, 2019, and 2018 ‘ASTORS’ Homeland Security Awards Programs respectively.
Mimecast (First of Two)
Best Phishing Defense Solutions
-
Mimecast Awareness Training
-
Hackers experience considerable success by taking advantage of the remote and hybrid workforce. Mimecast’s State of Email Security Report found that 75% of companies were hurt by a ransomware attack last year.
-
As hackers begin to redefine their tactics, stepping up their attacks and taking advantage of the increased number of attack vectors at their fingertips, Mimecast Security Awareness Training (AT) platform offers creativity and humor that keep end users engaged from start to finish, and research found employees who receive consistent cyber awareness training are five times more likely to spot and avoid clicking on malicious links.
-
Developed by top leadership from the U.S. military, law enforcement, the entertainment industry, and the intelligence community, Mimecast AT is developed with tactical security tests, like mock phishing emails, to test employee knowledge about cybersecurity best practices.
-
Mimecast AT educational videos cover various topics on phishing, remote/hybrid work, passwords, PII privacy, PCI, HIPAA, ransomware, CEO/wire fraud, data in motion, office hygiene, and GDPR, among others. The platform also collects insights on knowledge, behavior, and sentiment.
(With up to 95 % of security breaches involving human error, only 11% of global companies conduct monthly security awareness training. See how to target your weakest link – human error – with Mimecast’s fun-loving Awareness Training modules. Courtesy of Mimecast and YouTube.)
-
With human error involved in 90%+ of all security breaches, Mimecast AT combines video content with tactical security tests to help organizations across all industries and sizes reduce security risks associated with employee human error, and additionally data collected from training modules indicate the risk of human error, which is then used to provide additional training for employees who need it most.
Mimecast (Second of Two)
Best Email Security Solution
-
Mimecast X1 Platform
-
Mimecast’s X1 Platform provides world-class email security efficacy built on 20 years of experience.
-
With the processing of 2.4 billion emails daily, Mimecast gains visibility and holds the industry’s most robust view of the email threat landscape.
-
Mimecast’s X1 Precision Detection is engineered to apply the latest advancements in AI and machine learning to enable intelligent detection of emerging and unknown threat types, and the filtering out of malicious emails optimizes the efficacy of Mimecast’s AI and Machine Learning along with aiding their experts in making smart decisions about communications that fall into the gray area between safe or malicious.
(Whether you’re looking for robust (Secure Gateway) or agile (Cloud Integrated) Email Security that can support any email environment, see how you can find it from Mimecast Email Security & Resilience solutions. Courtesy of Mimecast and YouTube.)
-
Mimecast aims to stop bad things from happening to good organizations, and with the adoption of Mimecast’s X1 solution, 40,000 customer organizations and their employees can Work Protected™.
-
The combination of Mimecast’s reliance on digital dependency and threat actor behavior is core to their mission.
-
Mimecast X1 is the foundation of the Mimecast Product Suite, and powers fully integrated services that deliver industry-leading protection for communications, people, and data, making information actionable, and providing the reliability, resilience, and scale that the modern threat landscape demands.
-
Mimecast is a new competitor to the 2022 ‘ASTORS’ Homeland Security Awards Program.
In addition, the continually evolving ‘ASTORS’ Awards Program will highlight the trail of Accomplished Women in Leadership in 2023 and the Significance and Positive Impact of Advancing Diversity and Inclusion in our Next Generation of Government and Industry Leaders. #MentorshipMatters
So be on the lookout for exciting upcoming announcements of Speakers, Presenters, Book Signing Opportunities, and Attendees at the 2023 ‘ASTORS’ Awards Presentation Luncheon in November of 2023 in New York City!
Nominations are currently being accepted for the 2023 ‘ASTORS’ Homeland Security Awards at https://americansecuritytoday.com/ast-awards/.
Comprehensive List of Categories Include:
| Access Control/ Identification | Personal/Protective Equipment | Law Enforcement Counter Terrorism |
| Perimeter Barrier/ Deterrent System | Interagency Interdiction Operation | Cloud Computing/Storage Solution |
| Facial/IRIS Recognition | Body Worn Video Product | Cyber Security |
| Video Surveillance/VMS | Mobile Technology | Anti-Malware |
| Audio Analytics | Disaster Preparedness | ID Management |
| Thermal/Infrared Camera | Mass Notification System | Fire & Safety |
| Metal/Weapon Detection | Rescue Operations | Critical Infrastructure |
| License Plate Recognition | Detection Products | COVID Innovations |
| Workforce Management | Government Security Programs | And Many Others to Choose From! |
Don’t see a Direct Hit for your Product, Agency or Organization?
Submit your category recommendation for consideration to Michael Madsen, AST Publisher, at: mmadsen@americansecuritytoday.com.
Homeland Security remains at the forefront of our national conversation as we experience an immigration crisis along our southern border and crime rates that are dramatically higher than before the Pandemic across the United States.
These challenges have become a national priority with an influx of investments in innovative new technologies and systems.
Enter American Security Today, the #1 publication and media platform in the Government Security and Homeland Security fields, with a circulation of over 75,000 readers and many tens of thousands more who visit our AST website at www.americansecuritytoday.com each month.
The pinnacle of the Annual ‘ASTORS’ Awards Program is the Annual ‘ASTORS’ Awards Ceremony Luncheon Banquet, an exclusive, full-course plated meal event, in the heart of New York City.
The 2022 exclusive sold-out ‘ASTORS’ luncheon featured representatives of law enforcement, public safety, and industry leaders who came together to honor the selfless service of those who stand on the front lines and those who stand beside them – providing the capabilities and technologies to create a safer world for generations to come.
Last year marked the 20th anniversary of the Department of Homeland Security (DHS), which came out in force to discuss comprehensive collaborations between private and public sectors that have led to the development of intelligence and technologies which serve to protect our nation.
The keynote address was provided by U.S. Customs and Border Protection (CBP) Office of Field Operations (OFO) Deputy Executive Assistant Commissioner (DEAC) Diane Sabatino, who described the changes to CBP through the tragedy of 9/11 and the relentless commitment to its mission and ongoing investment in the latest technologies and innovations to protect our borders and Homeland.
The resounding theme of the DEAC’s remarks was her pride in the women and men of the CBP and their families who support them.
AST was also joined by Legendary Police Commissioner William Bratton, who spoke about his love for the City of New York, the Profession of law enforcement to which he has dedicated his life, and for which he continues to drive thought leadership and innovation.
New York City Police Department (NYPD) Chief of Department Kenneth Corey, came out to address Luncheon attendees and shared some of his experiences and the changes in policing he’s witnessed over his more than three decades of service.
FDNY Chief Joseph Jardin honored the men and women of the FDNY, not only those who currently serve but all of those who have selflessly served, with special recognition of those lost on 9/11.
Chief Jardin spoke about the continuing health battle of many following 9/11 with cancer and respiratory disease, yet now knowing the full consequences, would not have made a different decision to respond.
As Chief Jardin noted, mission-driven service is the lifeblood of every firefighter, volunteer, and sworn member, and has been so throughout the history of the Fire Service.
Former head of the FBI’s active shooter program, Katherine Schweit joined AST to sign complimentary copies of her book, ‘STOP THE KILLING: How to End the Mass Shooting Crisis,’ thanks to the generosity of our 2022 ‘ASTORS’ Awards Sponsors.
The 2022 ‘ASTORS’ Awards Program was Proudly Sponsored by NEC National Security Systems (NSS), ATI Systems, Automatic Systems of America, guardDog AI, Fortior Solutions, IPVideo Corporation, Rajant Corporation, RX Global, and SIMS Software!
We were pleased to welcome the esteemed New York City Fire Department (FDNY); the New York City Police Department (NYPD); and the NYC Hospital Police, as well as Executive Management from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and many other DHS agencies, Federal law enforcement agencies, and private/public partnerships such as the National Association of Women Law Enforcement Executives (NAWLEE), the 30×30 Initiative, a coalition of professionals advancing the representation of women in policing; and Operation Lifesaver, Inc. (OLI) (rail safety advocates).
The prestigious Annual ‘ASTORS’ Homeland Security Awards Program highlights the most cutting-edge and forward-thinking security solutions coming onto the market today, to ensure our readers have the information they need to stay ahead of the competition and keep our Nation safe – one facility, street, and city at a time.
In 2022 over 240 distinguished guests representing Federal, State, and Local Governments, and Industry Leading Corporate Firms gathered from across North America, Europe, and the Middle East to be honored among their peers in their respective fields.
Each year, to keep our communities safe and secure, security dealers, installers, integrators, and consultants, along with corporate, government, and law enforcement/first responder practitioners, convene in New York City to network, learn and evaluate the latest technologies and solutions from premier exhibiting brands at ISC East, the Natural Disaster & Emergency Management Expo (NDEM EXPO), and the ASIS NYC Expo.
ISC East is the Northeast’s leading security & public safety event, hosted in collaboration with sponsor Security Industry Association (SIA) and in partnership with ASIS NYC.
Corporate firms, the majority of which return year to year to build upon their Legacy of Wins, include:
Advanced Detection Technologies, AMAROK, ATI Systems, Axis Communications, Automatic Systems, BriefCam, Canon U.S.A., Cellbusters, CornellCookson, CyberArk Fortior Solutions, guardDog.ai, Hanwha Techwin of America, High Rise Escape Systems, IPVideo Corporation, Konica Minolta Business Solutions, NEC National Security Systems, NICE Public Safety, OnSolve, PureTech Systems, Quantum Corporation, Rave Mobile Safety, Regroup Mass Notification, Robotic Assistance Devices, Rajant Corporation, SafeLogic, Select Engineering Services LLC, Singlewire Software, SolarWinds Worldwide, Teledyne FLIR, Valor Systems, and West Virginia American Access Control Systems, just to name a few!
Why American Security Today?
The traditional security marketplace has long been covered by a host of publications putting forward the old-school basics to what is Today – a fast-changing security landscape.
American Security Today is uniquely focused on the broader Homeland Security & Public Safety marketplace with over 75,000 readers at the Federal, State, and local levels of government as well as firms allied to the government.
American Security Today brings forward a fresh compelling look and read with our customized digital publications that hold readers’ eyes throughout the story with cutting-edge editorial that provides solutions to their challenges.
Harness the Power of the Web – with our 100% Mobile Friendly Publications
AST Digital Publications are distributed to over 75,000 qualified government and homeland security professionals, in federal, state, local, and private security sectors.
‘PROTECTING OUR NATION, ONE CITY AT A TIME’
AST Reaches both Private & Public Experts, essential to meeting these new challenges.
Today’s new generation of public safety and security experts need real-time knowledge to deal with domestic and international terrorism, lone wolf attacks, unprecedented urban violence, shifts in society, culture, and media bias – making it increasingly difficult for Homeland Security, Law Enforcement, First Responders, Military and Private Security Professionals to implement coordinated security measures to ensure national security and improve public safety.
These experts are from Government at the federal, state, and local levels as well as from private firms allied to the government.
AST provides a full plate of topics in our AST Monthly Magazine Editions, AST Website, and AST Daily News Alerts, covering 23 Vital Sectors such as Access Control, Perimeter Protection, Video Surveillance/Analytics, Airport Security, Border Security, CBRNE Detection, Border Security, Ports, Cybersecurity, Networking Security, Encryption, Law Enforcement, First Responders, Campus Security, Security Services, Corporate Facilities, and Emergency Response among others.
AST has Expanded readership into integral Critical Infrastructure audiences such as Protection of Nuclear Facilities, Water Plants & Dams, Bridges & Tunnels, and other potential targets of terrorism.
Other areas of concern include Transportation Hubs, Public Assemblies, Government Facilities, Sporting & Concert Stadiums, our Nation’s Schools & Universities, and Commercial Business Destinations – all enticing targets due to the large number of persons and resources clustered together.
To learn more, please see the 2022 ‘ASTORS’ CHAMPIONS Edition Fully Interactive Magazine – the Best Products of 2022 ‘A Year in Review.’
The Annual CHAMPIONS edition reviews ‘ASTORS’ Award Winning products and programs, highlighting key details on many of the winning firm’s products and services, including video interviews and more.
The 2022 CHAMPIONS serves as your Go-To Source through the year for ‘The Best of 2022 Products and Services‘ endorsed by American Security Today – and can satisfy your agency’s and/or organization’s most pressing Homeland Security and Public Safety needs.
From Physical Security (Access Control, Critical Infrastructure, Perimeter Protection, and Video Surveillance Cameras and Video Management Systems), to IT Security (Cybersecurity, Encryption, Data Storage, Anti-Malware, and Networking Security – to name a few), the 2022 ‘ASTORS’ CHAMPIONS EDITION has what you need to Detect, Delay, Respond to, and Mitigate today’s real-time threats in our constantly evolving security landscape.
It also features guest editorial pieces from some of the security industry’s most respected leaders and recognized firms in the 2022 ‘ASTORS’ Awards Program.
For more information on All Things American Security Today, as well as the 2023 ‘ASTORS’ Awards Program, please contact Michael Madsen, AST Publisher at mmadsen@americansecuritytoday.com.
AST strives to meet a 3 STAR trustworthiness rating, based on the following criteria:
- Provides named sources
- Reported by more than one notable outlet
- Includes supporting video, direct statements, or photos
