Virtualization Technology News and Information
Article
RSS
Expel Unveils Threat Research and Cloud Detection, Response and Remediation Capabilities and Resources
Expel unveiled new threat research and cloud detection, response and remediation resources at Black Hat USA 2022.

"As defenders, we need to use every advantage we have. One of those is all of us being part of a defense community, sharing knowledge-about threats, vulnerabilities, defensive strategies-to better protect each other," said Dave Merkel, CEO and co-founder of Expel. "I hope our threat intel and cloud security resources are useful to both our customers and the cybersecurity community at large."

Quarterly Threat Report-Q2 2022. The Expel Quarterly Threat Report (QTR) showcases the established and emerging trends and incidents the Expel security operations center (SOC) team observed across customer environments. The SOC team gathers its findings through investigations into alerts, email submissions, and hunting leads and threats from the second quarter of 2022 (April 1 to June 30). A thorough analysis of incidents identifies patterns and trends to help guide strategic decision-making and operational processes.

Some key takeaways from the QTR include:

  • Identity-based attacks-which include credential theft, credential abuse, and long-term access key theft-accounted for 56% of all incidents identified by the Expel SOC in Q2.
  • Ransomware threat groups and their affiliates have mostly abandoned the use of Visual Basic for Application (VBA) macros and Excel 4.0 macros to gain initial entry to Windows-based environments.
  • Fourteen percent of identity attacks against cloud identity providers satisfied the multi-factor (MFA) requirement by continuously sending "Push" notifications to users until they approved.

The QTR also outlines recent findings in business email compromise (BEC), business application compromise (BAC), phishing, and cloud security incidents, among others topic areas. Download the QTR for Q2 2022 here.

MITRE ATT&CK in Google Cloud Platform: A defender's cheat sheet. As threat actors increasingly operate in the cloud, the Expel SOC team observes their activity and strategies to share information to educate defenders. The MITRE ATT&CK guide for Google Cloud Platform (GCP) contains a breakdown of the tactics the Expel SOC team sees attackers use most often during attacks in GCP. The guide also includes best practices for investigating incidents, and helps inform organizations' GCP alert triage, and incident response to quickly remediate issues. Lastly, this cheat sheet includes a "mind map" that lays out the relationship between MITRE ATT&CK tactics, GCP services, and API calls to help security teams better understand how threat actors execute attacks. To learn more and download the defender's cheat sheet for MITRE ATT&CK in GCP, visit this page.

Expel Cloud Detection and Response. Expel ingests events and log data from GCP, Amazon Web Services (AWS), and Azure and enriches it with customer-specific context such as the type of environment (e.g., production, development) or user (e.g., admin) to hone detection based on risk and expected behaviors. Expel layers on the detections, ingesting security signal from cloud-native services and writing custom detections tailored to each cloud provided from the logs in the cloud admin control plane. Expel's cloud infrastructure strategy is focused on catching misconfigurations, suspicious logins and unusual admin activity, like resource sharing.

To download the defender's cheat sheet for MITRE ATT&CK in AWS, visit this page. To build a detection and response strategy in Azure, download Expel's Azure Guidebook.

Published Tuesday, August 09, 2022 9:43 AM by David Marshall
Filed under: ,
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<August 2022>
SuMoTuWeThFrSa
31123456
78910111213
14151617181920
21222324252627
28293031123
45678910