The most widely encountered high-risk cyber incidents in 2023 involved identity abuse, according to findings from Barracuda’s latest XDR Insights report, published on August 23, 2023.
From January to July 2023, Barracuda collected 950 billion IT events from its customers’ integrated network, cloud, email, endpoint and server security tools.
These included everything from logins (both successful and unsuccessful), network connections, and traffic flows to email messages and attachments, files created and saved, application and device processes, changes to configuration and registry, and any specific security warnings.
With the help of AI-based account profiling, Barracuda Managed XDR flagged 985,000 potentially malicious security events out of these nearly one trillion events, including 6,000 that required immediate defensive action to contain and neutralize the threat.
According to Barracuda's telemetry, the three most common high-risk detections were the following:
- ‘Impossible travel’ login detections: These fire when a user logs into a cloud account from two geographically distant locations in rapid succession, with the distance between them impossible to cover in the time between the logins. This can be benign, for example when one of the sessions goes through a VPN or proxy whose exit point is far from the user, but it is often a sign that an attacker has gained access to the user's account.
- Anomaly detections: These identify unusual or unexpected activity in a user's account. This could include rare or one-off login times, unusual file access patterns, or excessive account creation for an individual user or organization. Such detections can indicate various problems, including malware infections, phishing attacks, and insider threats.
- Communication with known malicious artifacts: These identify communication with red-flagged or known malicious IP addresses, domains, or files. This can be a sign of a malware infection or a phishing attack.
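The ‘impossible travel’ check described above can be implemented as a straightforward speed test over consecutive successful logins. The following is an added example written for this article, not Barracuda's detection code or any product's API: it parses a few constructed JSON sign-in events, resolves each source address through a constructed stand-in for a GeoIP table, computes the great-circle distance between successive logins per user, and raises an alert when the implied speed exceeds a plausible maximum. The speed threshold, the GeoIP table and the VPN egress allow-list are all assumptions chosen for illustration; the allow-list is there to handle the VPN caveat from the text, and can be switched off to see the false positive it suppresses.

```python
"""Impossible-travel detection over constructed cloud sign-in events.

Added example for this article. The GeoIP table, the VPN egress allow-list,
the speed threshold and the sample events are all constructed, not real data.
"""
import json
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 1000.0  # assumption: faster than any commercial flight

# Constructed stand-in for a GeoIP database: ip -> (city, lat, lon).
GEOIP = {
    "203.0.113.10": ("Sydney", -33.87, 151.21),
    "198.51.100.7": ("London", 51.51, -0.13),
    "192.0.2.44": ("New York", 40.71, -74.01),
    "192.0.2.45": ("New York", 40.71, -74.01),
}

# Constructed allow-list of corporate VPN egress addresses. Their apparent
# location says nothing about where the user physically is, so by default
# logins from them are not used as travel endpoints.
VPN_EGRESS = {"198.51.100.7"}

# Constructed sample log: one JSON object per line, as a cloud IdP might emit.
SAMPLE_LOG = """\
{"user": "alice", "ts": "2023-06-01T09:00:00Z", "ip": "192.0.2.44", "result": "success"}
{"user": "alice", "ts": "2023-06-01T09:45:00Z", "ip": "203.0.113.10", "result": "success"}
{"user": "bob",   "ts": "2023-06-01T10:00:00Z", "ip": "192.0.2.44", "result": "success"}
{"user": "bob",   "ts": "2023-06-01T10:30:00Z", "ip": "198.51.100.7", "result": "success"}
{"user": "carol", "ts": "2023-06-01T08:00:00Z", "ip": "192.0.2.44", "result": "success"}
{"user": "carol", "ts": "2023-06-01T08:20:00Z", "ip": "192.0.2.45", "result": "success"}
{"user": "dave",  "ts": "2023-06-01T11:00:00Z", "ip": "203.0.113.10", "result": "failure"}
{"user": "dave",  "ts": "2023-06-01T11:05:00Z", "ip": "192.0.2.44", "result": "success"}
"""


@dataclass(frozen=True)
class Login:
    user: str
    ts: datetime
    ip: str
    success: bool


@dataclass(frozen=True)
class Alert:
    user: str
    prev_ip: str
    cur_ip: str
    km: float
    hours: float
    kmh: float


def parse_log(text: str) -> list:
    """Parse JSON-lines sign-in records into Login objects (blank lines skipped)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        ts = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        events.append(Login(rec["user"], ts, rec["ip"], rec["result"] == "success"))
    return events


def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH, ignore_vpn=True) -> list:
    """Alert on consecutive successful logins per user that imply travel faster than max_kmh.

    Failed logins and unknown addresses are ignored; VPN egress addresses are
    ignored too unless ignore_vpn is False.
    """
    alerts, last = [], {}
    for ev in sorted(events, key=lambda e: e.ts):
        if not ev.success or ev.ip not in GEOIP:
            continue
        if ignore_vpn and ev.ip in VPN_EGRESS:
            continue
        prev = last.get(ev.user)
        last[ev.user] = ev
        if prev is None:
            continue
        _, la1, lo1 = GEOIP[prev.ip]
        _, la2, lo2 = GEOIP[ev.ip]
        km = haversine_km(la1, lo1, la2, lo2)
        hours = (ev.ts - prev.ts).total_seconds() / 3600
        kmh = float("inf") if hours <= 0 and km > 0 else (km / hours if hours > 0 else 0.0)
        if kmh > max_kmh:
            alerts.append(Alert(ev.user, prev.ip, ev.ip, round(km), round(hours, 2), round(kmh)))
    return alerts


if __name__ == "__main__":
    for a in impossible_travel(parse_log(SAMPLE_LOG)):
        print(a)
```

With the allow-list active only alice trips the check (New York to Sydney in 45 minutes); bob's London login is discounted as VPN egress, carol moves within one city, and dave's Sydney attempt never succeeded. Passing `ignore_vpn=False` makes bob a second alert, which is exactly the false positive the VPN caveat in the text warns about.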