Post Syndicated from Tom Caiazza original https://blog.rapid7.com/2022/09/14/the-2022-sans-top-new-attacks-and-threats-report-is-in-and-its-required-reading/
The latest Top New Attacks and Threat Report from the cybersecurity experts at SANS is here — and the findings around cyberthreats, attacks, and best practices to defend against them are as critical for security teams as they’ve ever been.
If you’re unfamiliar with the SysAdmin, Audit, Network, and Security Institute, or SANS, they’re among the leading cybersecurity research organizations in the world, and their annual Top New Attacks and Threat Report is required reading for every security professional operating today.
What’s new for 2022
This year’s report is a little different from previous years. Rather than focusing on threat statistics from the year before (i.e., 2021 data for the 2022 report), SANS opted to focus on data from the first quarter of 2022, providing a more recent snapshot of the state of play in the threat landscape. The reason for this is probably something you could have guessed: the pandemic.
Typically, the TNAT report (we love coming up with acronyms!) is built out of a highly anticipated presentation from SANS experts at the annual RSA conference. Since the pandemic delayed the start of the RSA event this year, the folks at SANS thought it better to focus on more up-to-the-minute data for their report.
What they found is interesting — if a little concerning.
Smaller breaches, bigger risks?
In the first quarter of 2022, the average breach size was down one-third from the overall breach size in 2021 (even adjusted for seasonal shifts in breach sizes). What’s more, there are signs of a trend in breach size decline, as 2021’s overall breach size average was 5% lower than that of 2020. SANS believes this is indicative of attackers focusing on smaller targets than in previous years, particularly in the healthcare sector and in state and local government agencies.
A lower average breach size is good news, no doubt, but what it says about the intentions of attackers should have many on edge. Going after smaller — but potentially more vulnerable — organizations means those groups are less likely to have the resources to repel those attackers that larger groups would, and they pose dangers as partner organizations.
The SANS experts suggest shoring up supplier compliance by following two well-established security frameworks: the Supply Chain Risk Management Reporting Framework provided by the American Institute of Certified Public Accountants (AICPA), and the National Institute of Standards and Technology’s (NIST’s) updated SP 800-161 Supply Chain Risk Framework.
Other key trends
The SANS report also provided telling and important data around the ways in which attackers enter your environment (phishing was the root of 51% of all breaches), as well as the success rate of multi-factor authentication — 99% — in combating phishing attacks.
The RSA panel discussion (and the subsequent report we’re sharing) also look into specific trends and best practices from some of SANS’s experts. In years past, they’ve looked at some key takeaways from the SolarWinds breach, ransomware, and machine learning vulnerabilities. This year, they’ve turned their attention to multi-factor authentication, stalkerware, and the evolution of “living off the land” attacks as they pertain to cloud infrastructure. Each of these sections is worth reading in its own right and can provide some thought-provoking resources as your security team continues to grapple with what comes next in the cloud and attacker spaces.
One space where the SANS experts chose to focus has particular importance to those seeking to mitigate ransomware: attacks on backups. Backups have long been considered your best defense against ransomware attacks because they allow your organization to securely resume use of your data should your environment become compromised (and your data be locked down). However, as backup infrastructure moves into the cloud, SANS experts believe unique attacks against these backups will become more common, because backup solutions are often quite complex and are vulnerable to specific types of threats, such as living-off-the-land attacks.
The annual SANS report is a reliable and instrumental resource for security teams which is why we are proud to be a sponsor of it (and offer it to the security community). You can dive into the full report here.
Additional reading: