The final quarter of 2023 brought many of us festivities, time off work, and warm memories. Simultaneously, cyber-threat actors were busy finding new and innovative ways to wage attacks. As it turns out, innocent employees were actually (unknowingly) helping those threat actors: in Q4 2023, user behavior proved a key factor in opening the door to attackers.
Below we explore that trend, and others that affected ReliaQuest customers in Q4, including the MITRE ATT&CK techniques used for initial access, command-and-control (C2), defense evasion, and impact. Spoiler alert: They’re all likely to be seen again in the coming months. And we’ve got tips to stay one step ahead.
Your network security is only as strong as your weakest link, and organizations are full of these weak links; we’re all familiar with the “problem existing between keyboard and chair” (aka PEBKAC). Our data on threat activity against our customers in Q4 2023 revealed that the vast majority of initial-access activity was aided by user actions during social engineering. These attacks exploit features typical of human beings: curiosity, naivety, and occasional carelessness.
Most attacks began with an unsuspecting employee clicking on a phishing link. This trend is consistent with our Q3 2024 findings. Luckily for attackers, phishing and similar techniques are the easiest and cheapest of all ways to gain initial access to a target system, thanks to resources like phishing-as-a-service (PhaaS) toolkits.
We saw spearphishing in abundant use, but also drive-by compromise. Often referred to as drive-by download, this is when a person visits a seemingly benign but compromised website, and malware is immediately downloaded to their computer.
Figure 1: Initial-access TTPs observed in Q4 2023 ReliaQuest customer incidents
To counter these techniques, ReliaQuest protects customers by using numerous detection rules and a specialized Phishing Analyzer. You can also protect yourself from the above initial-access techniques by:
With one foot in the door of a targeted system, a threat actor typically does everything in their power to make the most of it. But they need to work undetected, bypassing or eluding security measures.
In Q4 2023, command obfuscation was the defense-evasion technique most used in our customers’ environments. The attackers increased the complexity of their command code to make it less intelligible to security tools (which are trained to identify certain patterns). Just like a student might add white text to a Word document to trick the word-count feature, hackers add whitespace and special characters to confuse your expensive anti-malware tools.
Figure 2: Defense evasion TTPs observed in Q4 2023 ReliaQuest customer incidents
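One way to keep a detection rule from being fooled by the whitespace and special-character padding described above is to normalize the command line before matching it. The block below is an added illustration, not code from the post or from GreyMatter; the sample command lines, signatures and scoring threshold are all constructed for this example.

```python
import re

# Detection signatures matched against the *normalized* command line.
# Heuristics only: they show the idea, not a production rule set.
SIGNATURES = {
    "recon_whoami": re.compile(r"\bwhoami\b"),
    "account_discovery": re.compile(r"\bnet (user|localgroup|group)\b"),
    # -e / -enc / -encodedcommand followed by a long base64-looking token
    "ps_encoded_command": re.compile(r"-e(nc|ncodedcommand)?\s+[a-z0-9+/=]{20,}"),
}

CARET = re.compile(r"\^")               # cmd.exe escape char: w^h^o^a^m^i runs as whoami
EMPTY_QUOTES = re.compile(r'""|\'\'')   # empty strings inside a token are no-ops
WHITESPACE = re.compile(r"\s+")

def normalize(cmd: str) -> str:
    """Strip the padding characters so the real tokens reappear."""
    s = CARET.sub("", cmd)
    s = EMPTY_QUOTES.sub("", s)
    s = WHITESPACE.sub(" ", s)
    return s.strip().lower()

def obfuscation_score(cmd: str) -> float:
    """Fraction of the raw command made up of carets, empty quotes or extra whitespace."""
    padding = len(CARET.findall(cmd))
    padding += 2 * len(EMPTY_QUOTES.findall(cmd))
    padding += sum(len(run) - 1 for run in WHITESPACE.findall(cmd))
    return padding / max(len(cmd), 1)

def match_signatures(text: str) -> list:
    return [name for name, pat in SIGNATURES.items() if pat.search(text)]

def analyze(cmd: str) -> dict:
    """Compare a naive match on the raw line with a match after normalization."""
    norm = normalize(cmd)
    return {
        "normalized": norm,
        "raw_hits": match_signatures(cmd.lower()),
        "normalized_hits": match_signatures(norm),
        "obfuscation_score": round(obfuscation_score(cmd), 2),
    }

# Constructed sample process command lines (not from the post); the last two are benign.
SAMPLE_COMMANDS = [
    'cmd.exe /c  w^h^o^a^m^i   /all',
    'cmd.exe /c n""et   us""er',
    'powershell.exe   -NoP   -e   ' + 'QUFB' * 8,   # placeholder base64 of "AAA...", not a payload
    r'C:\Program Files\App\updater.exe --check',
    r'"C:\Program Files\Vendor\tool.exe" --log "C:\Users\a\log.txt"',
]

if __name__ == "__main__":
    for cmd in SAMPLE_COMMANDS:
        print(analyze(cmd))
```

A high obfuscation score is a signal in its own right: benign software rarely pads its own command lines with carets or empty quotes.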
We’ve created a set of detection rules in our GreyMatter platform to keep our customers safe from even the most obfuscated commands. You can also take the following steps:
After evading detection tools, the attacker wants to set up a C2 system to communicate with compromised systems. In most of the activity observed within ReliaQuest customer environments, C2 was established through HTTPS (Hypertext Transfer Protocol Secure), the primary protocol used to send data between a web browser and a website. To an attacker’s advantage, it does so in an encrypted manner and typically slips past firewalls. Suspicious traffic blends with everyday traffic, and security teams are none the wiser.
Figure 3: C2 TTPs observed in Q4 2023 ReliaQuest customer incidents
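Because HTTPS hides the payload, one practical way to spot C2 in proxy or firewall logs is timing rather than content: a beacon fires on a timer, while a person browsing produces bursty, irregular connections. The block below is an added example, not code from the post or from GreyMatter; the log lines, hostnames and thresholds are constructed for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log lines (not from the post): time, client, destination, port, bytes_out.
# One client browses a site irregularly while also calling a second host every 60 seconds.
PROXY_LOG = """\
2023-12-04T09:00:00Z 10.1.2.3 www.example.org 443 1820
2023-12-04T09:00:05Z 10.1.2.3 update.vendor-cdn.invalid 443 212
2023-12-04T09:00:41Z 10.1.2.3 www.example.org 443 9400
2023-12-04T09:01:05Z 10.1.2.3 update.vendor-cdn.invalid 443 214
2023-12-04T09:02:05Z 10.1.2.3 update.vendor-cdn.invalid 443 211
2023-12-04T09:02:13Z 10.1.2.3 www.example.org 443 4100
2023-12-04T09:03:05Z 10.1.2.3 update.vendor-cdn.invalid 443 215
2023-12-04T09:04:05Z 10.1.2.3 update.vendor-cdn.invalid 443 213
2023-12-04T09:04:59Z 10.1.2.3 www.example.org 443 1500
2023-12-04T09:05:05Z 10.1.2.3 update.vendor-cdn.invalid 443 212
"""

def parse_log(text: str) -> dict:
    """Group (timestamp, bytes_out) pairs by (client, destination)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, dest, _port, size = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        flows[(client, dest)].append((when, int(size)))
    return flows

def find_beacons(text: str, min_connections: int = 4, max_cv: float = 0.2) -> list:
    """Flag (client, destination) pairs whose inter-connection timing is too regular.

    CV = stdev / mean of the intervals. Browsing is bursty (high CV); a timer-driven
    beacon has a CV near zero unless the implant adds jitter, so tune max_cv per environment."""
    findings = []
    for (client, dest), events in parse_log(text).items():
        if len(events) < min_connections:
            continue
        events.sort()
        intervals = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        mean = statistics.mean(intervals)
        cv = statistics.stdev(intervals) / mean if mean else 0.0
        if cv <= max_cv:
            findings.append({"client": client, "dest": dest, "count": len(events),
                             "mean_interval_s": round(mean, 1), "cv": round(cv, 2),
                             "median_bytes": statistics.median(s for _, s in events)})
    return findings

if __name__ == "__main__":
    for finding in find_beacons(PROXY_LOG):
        print(finding)
```

A small, nearly constant request size (the median_bytes field) alongside regular timing strengthens the case; pair the finding with destination reputation and first-seen age before escalating.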
GreyMatter can help with detection rules aimed at high-risk HTTPS and suspicious traffic, but here’s what you can do:
Q4 marked a final blow in an already costly year for the cyber-compromised; financial theft was, overwhelmingly, the most common way attackers created an impact on our customers. Whether they used ransomware, business email compromise, data theft, or cryptocurrency network exploitation, one goal was always in mind: get rich quick(ly).
Figure 4: Impact TTPs observed in Q4 2023 ReliaQuest customer incidents
Our data shows an overall increase in extortion activity, particularly in ransomware and data theft extortion—2023 was a record-breaking year in that regard.
Unlike January gym rats, threat actors are unlikely to abandon their plans in 2024. Many of the techniques seen in Q4 2023 will probably continue to be widely used this year. (Get the full picture of 2023 threats in our year-end blog.)
By staying one step ahead of attackers, ReliaQuest will continue to pursue the most up-to-date and forward-looking means of protection, keeping our customers informed and responsive along the way. If you’d like a slice of this cybersecurity pie, find out more about our GreyMatter platform and request a demo today.
Get a live demo of our security operations platform, GreyMatter, and learn how you can improve visibility, reduce complexity, and manage risk in your organization.