Expel Quarterly Threat Report Q1 2023
Q1 2023 Cybersecurity data, trends, and recommendations from the Expel Security Operations Center (SOC)
This Expel Quarterly Threat Report (QTR) delivers intelligence you can put into play today on some of the most active attack vectors our SOC leadership team observed in the first quarter of this year. By sharing how attackers got in, and how we stopped them, we’ll translate the security events we detect into security strategies for your org.
If you’ve read one of our previous QTRs, you’ll notice a slightly shorter format. Why is that? Well, we decided to focus less on what happened again this quarter, and more on new things we saw in our SOC, and what you can do about them.
This QTR still surfaces the most significant data we’re seeing in our threat detection and response efforts and curates that data into trends that can impact your cybersecurity posture. (How’s that for building resilience?)
What’s inside the Expel Q1 2023 Threat Report
Get a copy of the Expel Q1 2023 Threat Report. Some preview highlights of what we saw:
- 57% of all incidents our SOC handled in Q1 were identity-based attacks (account compromise, account takeover, and long-lived access key theft).
- 24% of incidents were the deployment of commodity malware and malware families linked to pre-ransomware operations.
- 6% of the incidents were authorized penetration tests, red team, and purple team activity.