Winter is over and spring is in full bloom, which means it’s time again for our newest Quarterly Threat Report. In this quarter, we look at the set of industries most commonly targeted, the continued use of remote entry, and the most common phishing sites seen by industry. Also, for the first time, we look at the MITRE ATT&CK framework and how it maps to our managed detection and response (MDR) incidents this quarter.
Remote entry for the win
One threat that just doesn’t seem to want to go away is remote entry. Organizations of all sizes need to watch out for this type of threat. These threats can come from different countries, from third-party sources that have access to your internal network, or from any unknown external source.
All you need is credentials
This quarter, we look at the part credentials play in the threat landscape from a few perspectives. We look at some of the most common fake login pages that attackers use in phishing to obtain credentials, and at the ports and services that attackers sweep the internet for and then try common usernames and passwords against. We break down these common usernames and passwords by the ones most commonly used within some of the most popular protocols.
Dive deep into the MITRE ATT&CK framework
New for this quarter is a mapping of the MITRE ATT&CK framework to our general and custom IDR detections, which enables us to communicate threats to our customers. Over 90% of our InsightIDR detections occur at or before credential access. We also take a look at the total cumulative detections per industry to give a closer look at which threats pose the greatest danger for a particular industry.
Read the Q1 Threat Report in its entirety for more information on the trends and activities we saw last quarter, and take advantage of our recommendations to keep your network safe.