SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Barracuda report highlights rise of high-risk business security threats in 2023
Thu, 22nd Feb 2024

According to threat research from the Barracuda network in 2023, the most common ways attackers attempted to access networks included business email compromise and malicious code exploits. The comprehensive research revealed that even though these attempts were unsuccessful, they highlighted the rising number of high-risk security threats faced by businesses.

Barracuda XDR, with its team of Security Operation Centre (SOC) analysts, was able to isolate these threats by examining over 1,640 billion IT events. The analysts identified 66,000 high-severity threats in 2023 requiring immediate investigation and another 15,000 that demanded urgent defensive action. Most of the attempts focused on identity compromise, resulting in a breached account.

Merium Khalid, Director of SOC Offensive Security at Barracuda XDR, stated, "Our data for 2023 shows that attackers are launching more high-severity attacks overall, and especially during times when IT teams are away from the workplace or less attentive." According to Khalid, most attacks aim to gain access to accounts by compromising identities. As attackers began utilising AI tools to increase the volume, speed, and complexity of attacks, he suggested that these trends are likely to escalate.

Attackers often reveal their own presence through unusual login activity. Three significant detections of suspicious login activity are Impossible Travel detection, Rare User Log-in detection, and Rare Hour for User detection. Data also indicates a continuous focus on exploiting critical vulnerabilities and weaknesses that have yet to be addressed with updates or patches.

During the year, threats increased, with peaks occurring in October, November, and December, high-season for online shopping and holidays, offering potential targets and opportunities for attackers. A smaller peak transpired in June, another holiday month, reinforcing the findings that attackers take advantage of people being away or distracted to launch high-risk attacks.

The top detections predominantly concerned identity compromises leading to a breached account. These attacks involved suspicious logins, brute-force attacks, and the disabling of multifactor authentication. Alarmingly, the upload of a suspicious executable file often indicated the placement of additional tools or malware from external systems controlled by the adversary.

Barracuda XDR employs AI-powered detection rules to spot suspicious login activity warranting immediate evaluation. One example is the Impossible Travel detection rule, where two logins more than 1,000 km apart raise a red flag if the user would have needed to travel at over 800 km/h to make both. Other detection rules aim to identify unusual usernames in authentication logs and users logging in at unusual hours.
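The Impossible Travel rule described above can be sketched as follows. This is an added example, not Barracuda's implementation: it applies only the two thresholds quoted in the article, and it assumes each login has already been geolocated to a latitude and longitude. The event tuple layout, function names and sample logins are constructed for illustration.

```python
import math
from datetime import datetime

MIN_DISTANCE_KM = 1000.0  # distance threshold quoted in the article
MAX_SPEED_KMH = 800.0     # speed threshold quoted in the article

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def impossible_travel(events):
    """events: iterable of (user, iso_timestamp, lat, lon) tuples (assumed format).
    Returns (user, distance_km, timestamp) for each login that breaks both thresholds."""
    parsed = [(u, datetime.fromisoformat(ts), lat, lon) for u, ts, lat, lon in events]
    parsed.sort(key=lambda e: (e[0], e[1]))  # per user, in time order
    alerts, last = [], {}
    for user, when, lat, lon in parsed:
        if user in last:
            prev_when, prev_lat, prev_lon = last[user]
            dist = haversine_km(prev_lat, prev_lon, lat, lon)
            hours = (when - prev_when).total_seconds() / 3600
            # Simultaneous logins from distant places imply unbounded speed.
            speed = dist / hours if hours > 0 else math.inf
            if dist > MIN_DISTANCE_KM and speed > MAX_SPEED_KMH:
                alerts.append((user, round(dist), when.isoformat()))
        last[user] = (when, lat, lon)
    return alerts

# Constructed sample logins (not real data).
SAMPLE = [
    ("alice", "2023-11-24T08:00:00+00:00", -36.85, 174.76),  # Auckland
    ("alice", "2023-11-24T10:00:00+00:00", 51.51, -0.13),    # London, 2 h later
    ("bob",   "2023-11-24T08:00:00+00:00", -36.85, 174.76),  # Auckland
    ("bob",   "2023-11-24T08:30:00+00:00", -41.29, 174.78),  # Wellington: fast but under 1,000 km
    ("carol", "2023-11-24T08:00:00+00:00", -36.85, 174.76),  # Auckland
    ("carol", "2023-11-24T12:00:00+00:00", -33.87, 151.21),  # Sydney, 4 h later: a plausible flight
]

if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE):
        print("impossible travel:", alert)
```

Only the first user's pair of logins is flagged. In practice, VPN and cloud egress addresses geolocate far from the user and are a common source of false positives for this kind of rule.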

Analysis of leading Intrusion Detection System (IDS) detections in 2023 demonstrated that attackers often exploit longstanding critical vulnerabilities and weaknesses. Shellshock, a collection of bugs over a decade old, remains among the top detections, signalling the presence of many unpatched systems.

To stay safe in this environment of escalating attacks, businesses need robust authentication and access controls, a proactive approach to patch management and data protection, and regular cybersecurity awareness training for employees, the company states. However, as attackers increasingly leverage AI for sophisticated, faster, and targeted attacks, defenders must ensure their security tools are equally capable.