Cyber threats are increasingly incorporating legitimate services in their attack chain, researchers warn.
In its latest threat intelligence report, email security platform Mimecast said it flagged more than 5 billion threats in the second half of 2024.
Mimecast identified the growing trend of living off trusted services (LOTS) attacks as its most significant finding over the period, as attackers increasingly incorporate legitimate IT tools in their TTPs to avoid detection.
It noted this approach is particularly useful in helping get around a recent push in the security industry to raise the levels of authentication required to access corporate accounts.
“While the technologies make their attacks more complicated, the attackers continue to find services to pass authentication and alignment checks,” the report explained.
Mimecast said a significant number of these threats take advantage of major cloud providers for a wide array of their attacks, but also leverage individual aspects of other cloud services for specific parts of the kill chain.
“Microsoft’s, Google’s, and Evernote’s cloud services commonly play hosts for threat actor’s payloads and landing pages,” the report warned.
“However, other cloud services are frequently being used for specific components of attack structure: Cloudflare's Turnstyle CAPTCHAs are regularly used to prevent threat analysis.”
But it added that as these larger providers work to root out abuse of their platforms, attackers have been observed using smaller services from providers like Airtable, Publuu, and Wave Compliance.
Geopolitical lures used to deceive staff
Mimecast also called attention to the extent to which human error still plagues businesses as the most consistent element in cyber incidents.
The report warned that humans continue to have a primary role in successful breaches, citing data from Verizon that showed 68% of successful breaches that occurred in 2023 had “a non malicious human element”.
Mimecast referenced findings from a survey by EY, which found 34% of employees reported they were worried they might be the weakness exploited in a breach, even though 86% said they were knowledgeable about the types of threats they face.
The report showed threat actors frequently use references to current geopolitical events in their phishing lures, with China-Taiwan, the South China Sea, and China’s activities related to cutting undersea cables the top three geopolitical lures seen by Mimecast researchers.
RELATED WHITEPAPER
Mimecast detailed a number of threat-specific countermeasures to address concerns businesses have with the human aspect of their defense posture.
Firstly, organizations should implement a robust framework for human risk management that aligns both security objectives and business targets. By doing so, firms can develop a “multi-tiered response system that differentiates between unintentional mistakes and malicious actions”, Mimecast advised.
Awareness training is also an essential part of any countermeasure, but the report emphasized that staff must be educated on not just the general cyber risks they face but how global events can influence threat campaigns.
“By implementing robust awareness training programs and human risk platforms to guardrail users, organizations can strengthen their human firewall against both conventional cyberattacks and those driven by geopolitical motives,” Mimecast advised.
MORE FROM ITPRO
-
Gender diversity improvements could be the key to tackling the UK's AI skills shortageNews Encouraging more women to pursue tech careers could plug huge gaps in the AI workforce
-
Researchers claim Salt Typhoon masterminds learned their trade at Cisco Network AcademyNews The Salt Typhoon hacker group has targeted telecoms operators and US National Guard networks in recent years
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Google wants to take hackers to courtNews You don't have a package waiting for you, it's a scam – and Google is fighting back
-
77% of security leaders say they'd fire staff who fall for phishing scams, even though they've done the same thingNews A new report uncovers worrying complacency amongst IT and security leaders
-
Been offered a job at Google? Think again. This new phishing scam is duping tech workers looking for a career changeNews A new Google Careers phishing scam is targeting tech workers looking for a change of scenery – here's how to stay safe
-
Hackers are using a new phishing kit to steal Microsoft 365 credentials and MFA tokens – Whisper 2FA is evolving rapidly and has been used in nearly one million attacks since JulyNews Whisper 2FA is now the third most common Phishing as a Service tool worldwide
-
Microsoft and Cloudflare just took down a major phishing operationNews RaccoonO365’s phishing as a service platform has risen to prominence via Telegram
-
Hackers are abusing ConnectWise ScreenConnect, againNews A new spear phishing campaign has targeted more than 900 organizations with fake invitations from platforms like Zoom and Microsoft Teams.
-
Malicious URLs overtake email attachments as the biggest malware threatNews With malware threats surging, research from Proofpoint highlights the increasing use of off-the-shelf 'phish kits' like CoGUI and Darcula
