Identity-based attacks the top cyber threat in 2021

May 25, 2022

Under the backdrop of ransomware, software supply chain attacks, data breaches, and more, a new Blumira report has found that identity-based attacks are the top threat organizations faced in 2021.

The 2022 State of Detection and Response Report analyzed Blumira’s security detections across log datasets of 230 organizations.

Unsurprisingly, access attempts were a common theme, as the pandemic forced many organizations to move to cloud services to support their remote employees. Moving to a cloud environment only highlighted the knowledge gap for organizations without a solid understanding of their exposed attack surface. Threat actors exploit those knowledge gaps by exploiting, misusing, or stealing user identities.

Attempts to authenticate into a honeypot, or a fake login page designed especially to lure attackers, was Blumira’s #1 finding of 2021. Identity-driven techniques accounted for three out of Blumira’s top five findings at 60%.

Cloud environments are particularly vulnerable to identity-based attacks such as credential stuffing, phishing, password spraying and more. Rapid detection of these attacks can enable organizations to respond and contain an identity-based attack faster, helping stop an attack from progressing further.

Research also observed the usage of living off the land (LotL) techniques, which threat actors use to stealthily remain undetected in an environment. They do so by leveraging built-in Microsoft tools that make it appear as though they are legitimate users within an organization’s environment.

Among Blumira’s top findings were various instances of living off the land techniques, including Service Execution with Lateral Movement Tools (#4), PsExec Use (#16), and Potentially malicious PowerShell command (#18).

Over days or weeks, these types of attacks can go undetected by endpoint detection and response (EDR) solutions that rely on the detection of known malicious tools. By that time, it may be too late — for example, when an attacker introduces malware into the environment.

To download the full report, click here.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

Security Operations Centers (SOCs) are a crucial component of safety and security culture. They support many strategic business objectives, from lowering costs and minimizing risk to improving employee trust and morale.

Identity-based attacks the top cyber threat in 2021

Recent Articles by Security Staff

Ronnell Higgins named Yale AVP for Public Safety and Community Engagement

Eastern Kentucky University awarded $300k safety grant

Pharmaceutical company secures network with AppSec compliance tools

Lockbit 2.0 accounts for 40% of May ransomware attacks

Technical teams are struggling with access issues that impact productivity and security

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Identity-based attacks the top cyber threat in 2021

Recent Articles by Security Staff

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.