Cyber threats are increasingly incorporating legitimate services in their attack chain, researchers warn.
In its latest threat intelligence report, email security platform Mimecast said it flagged more than 5 billion threats in the second half of 2024.
Mimecast identified the growing trend of living off trusted services (LOTS) attacks as its most significant finding over the period, as attackers increasingly incorporate legitimate IT tools in their TTPs to avoid detection.
It noted this approach is particularly useful in helping get around a recent push in the security industry to raise the levels of authentication required to access corporate accounts.
“While the technologies make their attacks more complicated, the attackers continue to find services to pass authentication and alignment checks,” the report explained.
Mimecast said a significant number of these threats take advantage of major cloud providers for a wide array of their attacks, but also leverage individual aspects of other cloud services for specific parts of the kill chain.
“Microsoft’s, Google’s, and Evernote’s cloud services commonly play hosts for threat actor’s payloads and landing pages,” the report warned.
“However, other cloud services are frequently being used for specific components of attack structure: Cloudflare's Turnstyle CAPTCHAs are regularly used to prevent threat analysis.”
But it added that as these larger providers work to root out abuse of their platforms, attackers have been observed using smaller services from providers like Airtable, Publuu, and Wave Compliance.
Geopolitical lures used to deceive staff
Mimecast also called attention to the extent to which human error still plagues businesses as the most consistent element in cyber incidents.
The report warned that humans continue to have a primary role in successful breaches, citing data from Verizon that showed 68% of successful breaches that occurred in 2023 had “a non malicious human element”.
Mimecast referenced findings from a survey by EY, which found 34% of employees reported they were worried they might be the weakness exploited in a breach, even though 86% said they were knowledgeable about the types of threats they face.
The report showed threat actors frequently use references to current geopolitical events in their phishing lures, with China-Taiwan, the South China Sea, and China’s activities related to cutting undersea cables the top three geopolitical lures seen by Mimecast researchers.
RELATED WHITEPAPER
Mimecast detailed a number of threat-specific countermeasures to address concerns businesses have with the human aspect of their defense posture.
Firstly, organizations should implement a robust framework for human risk management that aligns both security objectives and business targets. By doing so, firms can develop a “multi-tiered response system that differentiates between unintentional mistakes and malicious actions”, Mimecast advised.
Awareness training is also an essential part of any countermeasure, but the report emphasized that staff must be educated on not just the general cyber risks they face but how global events can influence threat campaigns.
“By implementing robust awareness training programs and human risk platforms to guardrail users, organizations can strengthen their human firewall against both conventional cyberattacks and those driven by geopolitical motives,” Mimecast advised.
MORE FROM ITPRO
-
European financial firms are battling a huge rise in third-party breachesNews Growing vendor dependency has contributed to a marked rise in third-party breaches
-
‘We’ve got some fabulous conditions’: Salesforce UK chief exec Zahra Bahrololoumi touts the country's tech industry potentialNews The UK remains a “priority market” for Salesforce, according to its regional CEO
-
FIN6 attackers target recruiters with fraudulent resumesNews The group's phishing methods protect it from many detection tools, researchers warn
-
100,000 accounts have been hit in a HMRC scam campaign, but the tax office says it wasn't hacked – here's whyNews Organized criminals used phished data to set up dodgy HMRC accounts and demand tax rebates
-
Employee phishing training is working – but don’t get complacentNews Educating staff on how to avoid phishing attacks can cut the rate by 80%
-
Russian hackers tried to lure diplomats with wine tasting – sound familiar? It’s an update to a previous campaign by the notorious Midnight Blizzard groupNews The Midnight Blizzard threat group has been targeting European diplomats with malicious emails offering an invite to wine tasting events, according to Check Point.
-
This hacker group is posing as IT helpdesk workers to target enterprises – and researchers warn its social engineering techniques are exceptionally hard to spotNews The Luna Moth hacker group is ramping up attacks on firms across a range of industries with its 'callback phishing' campaign, according to security researchers.
-
Healthcare organizations are turning a blind eye to phishing attacks
News A survey reveals that most attacks go unreported, putting patient data at risk
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackersNews Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attackTroy Hunt, the security blogger behind data-breach site Have I Been Pwned, has fallen victim to a phishing attack targeting his email subscriber list.
