Barracuda 2023 XDR Threat Research Reveals Surge In High-Severity Threats

Barracuda security researchers have analysed the most prevalent XDR detections for 2023. Their findings summarise the most common ways attackers tried, and failed, to gain persistent access to networks, drawn from an analysis of nearly two trillion (1,640 billion) IT events.

Editorial Desk
Last updated: March 4, 2024 8:29 pm

Barracuda XDR, along with its team of SOC analysts working around the clock, analysed nearly two trillion (1,640 billion) IT events to pinpoint tens of thousands of potentially high-risk security threats.

Defensive security technologies, including XDR, are designed to detect, notify, and block the enemy at the gate or in the early stages of an intrusion.

The attacks are prevented from being carried out fully — and this means that we don’t always know what the final intended payload might have been, such as ransomware.

According to Merium Khalid, Director of SOC Offensive Security at Barracuda XDR, cybersecurity involves understanding attackers’ behaviour as well as their tools and tactics.

“Our data for 2023 shows that attackers are launching more high-severity attacks overall, and especially during times when IT teams are away from the workplace or less attentive, such as during holidays, outside working hours, during the night, and at weekends,” said Khalid.

“Most attacks are trying to gain access to accounts by compromising identities. As attackers start to leverage AI tools to scale the volume, speed, and sophistication of attacks, these trends will escalate. Security teams need to ensure their security tools have the same power,” he said.

Overview of 2023: High-severity attack attempts increasing

High-severity detections during 2023 included 66,000 threats serious enough to be escalated to a SOC analyst for investigation, and a further 15,000 that required urgent and immediate defensive action.

There was also a steady rise in both threat categories throughout the year — peaking from October into November and December.

These months are the prime season for online shopping and festive holidays. Both factors are potentially highly attractive to attackers. The first because it offers a large pool of potential targets and opportunities, the second because it generally means IT teams are away from the workplace or less attentive.

There was a second, smaller, peak in June — which for many countries represents a key holiday month. Together, these results reinforce the findings we first reported in 2022 — that attackers seize the opportunity of people being away, busy, or distracted to launch more damaging and high-risk attacks.

Chart: High-severity threats detected by XDR in 2023 (total numbers)

Top XDR detections in 2023 center on identity abuse

The majority of the top 10 detections of 2023 are focused on some kind of identity compromise, resulting in a breached account. The detections that signpost this identity abuse include suspicious logins, brute force attacks, and attackers disabling multifactor authentication.

The uploading of a suspicious executable file could indicate attackers trying to move additional tools or malware from an external, adversary-controlled system such as a command-and-control server into a compromised account.

Endpoint threat detections involve a mechanism that triggers when Barracuda’s Managed XDR Endpoint Security spots a potential threat within a system, regardless of whether it successfully neutralised the threat or not.

It’s crucial to promptly notify the client in either scenario, as such detections necessitate a deeper investigation to uncover how the malicious file or process managed to execute initially.

This detection rule covers a wide spectrum of threats, including but not limited to harmless elements, potentially unwanted applications (PUA), adware, spyware, downloaders, cryptominers, malicious documents, exploits, viruses, worms, Trojans, backdoors, rootkits, information stealers, ransomware, interactive or remote shells, lateral movements, and more.

Suspicious superheroes, ghosts, and insomniacs — how AI tools spot intruders

Barracuda XDR features AI-powered detection rules, driven by our machine learning capabilities, designed to spot suspicious login activity that needs urgent evaluation.

The rules rely on algorithms and AI-based pattern analysis, which model a user’s baseline routine and immediately red flag anything that falls outside that.

How attackers give themselves away with suspicious login activity
  • Suspicious superheroes — Impossible Travel detection rule

This detection rule catches attackers trying to log into a compromised account. When two logins are detected more than 1,000 km apart and the user would need to be travelling at more than 800 km/h — the average speed of an airplane — in order to do this, a security red flag is triggered. Furthermore, the detection checks the login isn’t associated with a VPN IP to remove any risk of a false positive.

To illustrate how this looks in practice, in one instance Barracuda XDR spotted a user logging in from Iowa in the U.S. and then in Moscow just over an hour later, seemingly covering 8,267 km at a speed of more than 7,000 km/hour.
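The following is an added worked example, not Barracuda's code, of the Impossible Travel logic described above: great-circle distance between consecutive logins, the 1,000 km and 800 km/h thresholds from the report, and a VPN exclusion. The coordinates, timestamps, IP addresses and VPN prefix are constructed sample values loosely modelled on the Iowa-to-Moscow case.

```python
import math
from datetime import datetime, timezone

# Constructed placeholder for a VPN egress range; real rules would consult a feed.
KNOWN_VPN_PREFIXES = ("203.0.113.",)

MIN_DISTANCE_KM = 1000.0   # thresholds as stated in the report
MAX_SPEED_KMH = 800.0      # roughly the cruising speed of an airliner


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km on a spherical Earth (R = 6371 km)."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def is_vpn(ip):
    return ip.startswith(KNOWN_VPN_PREFIXES)


def impossible_travel(prev, curr):
    """Return (flagged, distance_km, speed_kmh) for two consecutive logins.

    Each login is a dict with keys ts (aware datetime), lat, lon, ip.
    Logins via a known VPN egress are skipped because geolocation of the
    VPN exit node would otherwise produce false positives.
    """
    if is_vpn(prev["ip"]) or is_vpn(curr["ip"]):
        return False, 0.0, 0.0
    dist = haversine_km(prev["lat"], prev["lon"], curr["lat"], curr["lon"])
    hours = (curr["ts"] - prev["ts"]).total_seconds() / 3600.0
    # Simultaneous or out-of-order logins far apart cannot be legitimate travel.
    speed = math.inf if hours <= 0 else dist / hours
    return dist >= MIN_DISTANCE_KM and speed > MAX_SPEED_KMH, dist, speed


def _login(ts, lat, lon, ip):
    return {"ts": datetime.fromisoformat(ts).replace(tzinfo=timezone.utc),
            "lat": lat, "lon": lon, "ip": ip}


# Constructed sample logins (Des Moines, Moscow and Atlanta coordinates).
IOWA = _login("2023-11-20T02:00:00", 41.59, -93.62, "198.51.100.7")
MOSCOW = _login("2023-11-20T03:05:00", 55.76, 37.62, "192.0.2.9")
MOSCOW_VIA_VPN = dict(MOSCOW, ip="203.0.113.5")
ATLANTA = _login("2023-11-20T05:00:00", 33.75, -84.39, "192.0.2.20")
```

Running `impossible_travel(IOWA, MOSCOW)` flags the pair at roughly 8,260 km and over 7,000 km/h, while the Atlanta login three hours later is about 1,190 km away at under 400 km/h and is not flagged.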

  • Ghosts — Rare User Log-in detection rule

This detection rule looks for unusual usernames appearing in the authentication logs. This helps to spot an intruder abusing the credentials of a dormant or inactive user, perhaps because the user has left the organisation, or a username that falls outside the organisation’s naming schema.

Threat actors will also try to create new users as a means of persistence, and this will be flagged as an unknown user by the detection rule.

  • Insomniacs — Rare Hour for User detection rule

This detection rule looks for a user logging in at a time of day that is unusual for them. This can be due to someone in a different time zone trying to access the compromised account. In addition, unauthorised user activity often takes place outside standard business hours.

Network Traffic Detections

Barracuda XDR includes a sophisticated, multilayered Intrusion Detection System (IDS) that scrutinises traffic traversing a client’s network via a SPAN (mirror) port.

This IDS serves as a vigilant guardian, pinpointing both suspicious and potentially harmful activities that might appear legitimate but are linked to recognised malware, cyberattacks, and various security threats permeating your network. A significant portion of these threats are automated, executed en masse against networks.

Analysis of the leading IDS detections in 2023 reveals a persistent trend: Attackers consistently exploit longstanding critical vulnerabilities and weaknesses that have yet to be addressed through patching. This highlights the critical need for continuous vigilance and updates to network security measures.

Barracuda Top IDS detections in 2023

Shellshock is a 10-year-old collection of bugs that continues to rank among the top 10 detections made by Barracuda’s integrated IDS. The fact that Shellshock attacks remain so prevalent suggests that attackers know there are still many unpatched systems out there.

Reports suggest that Shellshock is being used by attackers to launch distributed denial of service (DDoS) attacks and to target vulnerable interconnected systems using bots and botnets.

Two years after the Log4Shell vulnerability in the open-source Java-based Log4j logging utility was disclosed, exploits against the bug also remain common. This could reflect the fact that Log4j is so deeply embedded in applications and other software that many organisations may not even know it is there — and vulnerable instances could be tricky and time-consuming to mitigate.

How To Stay Safe In A World of 24/7 Attacks

The security basics are more critical than ever. These should include robust authentication and access controls (multifactor authentication at a minimum and ideally moving to Zero Trust-based measures), a solid approach to patch management and data protection, and regular cybersecurity awareness training for employees.

However, in the face of a growing number of high-severity threats targeting an organisation’s expanding digital attack surface, and as attackers increasingly start to leverage AI for ever more sophisticated, faster, and targeted attacks, defenders will need to ensure their security tools have the same power. A multi-faceted, AI-based approach to protection that has several levels of increasingly deep detection and scrutiny is essential.

This should sit within an overall security framework that comprises robust next-generation security technologies, backed by expert analysis and 24/7/365 security monitoring to catch unknowns and anomalies that might otherwise slip through the net — and a SOC as a service to respond to and mitigate threats.

The findings from Barracuda’s 2023 XDR Threat Research highlight a concerning surge in high-severity threats, underscoring the evolving landscape of cybersecurity challenges.

As technology continues to advance, so do the tactics employed by malicious actors, emphasising the critical importance of robust cybersecurity measures.

It is imperative for organisations to remain vigilant, continuously adapt their defenses, and collaborate with industry experts to mitigate the risks posed by these increasingly sophisticated threats.

By Editorial Desk
The TBN team is a well established group of technology industry professionals with backgrounds in IT Systems, Business Communications and Journalism.