Expel Quarterly Threat Report Q2 2023
Q2 2023 cybersecurity trends, data, and recommendations from the Expel security operations center (SOC)
Our latest Expel Quarterly Threat Report (QTR) distills the trends, notable new behaviors, and unusual attacks we saw over the last quarter. We’ll also use our previous threat reports to compare findings and point out patterns–and even provide some solutions for avoiding the latest threats.
By sharing how attackers got in, and how we stopped them, we’ll translate the security events we detect and remediate into a strategy for your organization.
Our analysis spans our entire customer base, covering orgs of all shapes, sizes, and industries. We’ve got present-day and future you covered.
What’s inside
Grab your copy of the Expel Q2 2023 Threat Report and take a look at what we learned this quarter, including:
- 56% of all incidents were account compromise or account takeover (ATO) in Microsoft 365 (M365).
- 23% of incidents involved the deployment commodity malware and malware families linked to pre-ransomware operations.
- 15% of all phishing attacks identified were session cookie theft via Attacker-in-the-middle (AiTM) phishing, which tripled from last quarter.
Attackers targeting vulnerabilities—very new and very old—resulted in the Q2 doubling of server-side exploit incidents. The MOVEit Transfer zero-day topped the list as the most common root cause, followed closely by an exploit from a decade earlier (yup, you read that right—a decade earlier 🤯).”
INFOGRAPHIC
SOC Snapshot
Malware families linked to pre-ransomware operations shifting gears to commodity malware.
