Red Canary releases 2021 Threat Detection Report while Thales releases its Data threat report for 2021

July 29, 2021

Red Canary has released its 122-page 2021 Threat Detection Report. It is useful for identifying the most prevalent techniques and threats, and it considers the best ways to detect and mitigate specific threats and techniques. It is a highly technical document.

The top techniques are:

  • T1059 Command and Scripting Interpreter (24%)
  • T1218 Signed Binary Process Execution (19%)
  • T1543 Create and Modify System Process (16%)
  • T1053 Scheduled Task / Job (16%)
  • T1003 OS Credential Dumping (7%)
  • T1055 Process Injection (7%)
  • T1027 Obfuscated Files or Information (6%)
  • T1105 Ingress Tool Transfer (5%)
  • T1569 System Services (4%)
  • T1036 Masquerading (4%)

The report also noted:

  • Command-line parameters are by far the most efficacious for detecting
    potentially malicious PowerShell behavior
  • attackers use the Windows Command Shell (cmd) to call native commands and redirect the output of those commands to a file on the local admin share
  • to detect adversaries it is necessary to focus on uncommon patterns of execution and on patterns of execution commonly associated with malice
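As an added illustration of the two detection points above (this is not code from the Red Canary report), here is a small Python heuristic run over constructed process-creation records: it flags cmd.exe output redirected to an admin share and PowerShell launched with rarely-legitimate parameters. The share regex, the PowerShell parameter list and the sample command lines are assumptions made for the example.

```python
"""Command-line heuristics for two Red Canary observations (added example).

The event records below are constructed, not real telemetry.
"""
import re

# Output redirection into a UNC path whose share name ends in "$"
# (ADMIN$, C$, ...), e.g.  > \\127.0.0.1\ADMIN$\out.txt
ADMIN_SHARE_REDIRECT = re.compile(
    r">{1,2}\s*\"?\\\\[^\\\s\"]+\\[^\\\s\"]*\$\\", re.IGNORECASE)

# PowerShell parameters (full and abbreviated forms) that rarely appear in
# legitimate use on most hosts. Assumption: tune against your own baseline.
POWERSHELL_FLAGS = {
    "encoded-command": re.compile(r"(?<![\w-])-e(c|nc|ncodedcommand)?\b", re.I),
    "no-profile": re.compile(r"(?<![\w-])-nop(rofile)?\b", re.I),
    "hidden-window": re.compile(r"(?<![\w-])-w(indowstyle)?\s+hidden\b", re.I),
    "bypass-policy": re.compile(r"(?<![\w-])-e(p|x|xec|xecutionpolicy)\s+bypass\b", re.I),
}

def analyze_event(event):
    """Return the list of reasons this process-creation event looks suspicious."""
    image = event["image"].lower().rsplit("\\", 1)[-1]   # basename of the binary
    cmdline = event["cmdline"]
    reasons = []
    if image == "cmd.exe" and ADMIN_SHARE_REDIRECT.search(cmdline):
        reasons.append("cmd output redirected to an admin share")
    if image in ("powershell.exe", "pwsh.exe"):
        for name, pattern in POWERSHELL_FLAGS.items():
            if pattern.search(cmdline):
                reasons.append(f"powershell flag: {name}")
    return reasons

def analyze(events):
    """Map event id -> reasons, keeping only events that fired at least one rule."""
    return {e["id"]: r for e in events if (r := analyze_event(e))}

# Constructed sample telemetry (Sysmon-style process-creation fields).
SAMPLE_EVENTS = [
    {"id": 1, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /C ipconfig /all > \\127.0.0.1\ADMIN$\__1627.txt 2>&1"},
    {"id": 2, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /C dir C:\Users > C:\Temp\listing.txt"},
    {"id": 3, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -nop -w hidden -enc QQBBAEEAQQA="},
    {"id": 4, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\backup.ps1"},
]

if __name__ == "__main__":
    for event_id, reasons in analyze(SAMPLE_EVENTS).items():
        print(event_id, reasons)   # events 1 and 3 fire; 2 and 4 stay quiet
```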

It is a comprehensive report and worthy of a close read by not only technical operators but those who get involved with cyber security issues.

The Thales report is more a strategic overview of trends and broad analysis.

  • 75% of respondents to the survey said that they do not have complete knowledge of where their data is stored
  • 30% said they had experienced a breach in the last 12 months
  • 50% were very concerned about the security threats posed by quantum computing
  • 34% had a formal strategy and have actively embraced a Zero Trust policy
  • in terms of threats the respondents said there was an increase of:
    • 57% from Malware
    • 48% from Ransomware
    • 41% from Credential Stuffing / other password attacks
    • 41% from Phishing / Whaling
    • 31% from SQL Injection
    • 30% from Denial of Service
    • 29% from Man-in-the-middle / Eavesdropping
    • 22% from brand impersonation.
  • 30% had a large portion of their sensitive data in the cloud encrypted
  • 34% had a formal strategy to embrace a zero trust policy, while 2% had no such strategy
  • in terms of spending:
    • 40% gave priority to data loss prevention
    • 36% gave priority to multi-factor authentication
    • 34% gave priority to encryption.
  • 40% were very concerned about security threats against employees working remotely, while 43% were somewhat concerned.
