Expel Unveils Threat Research and Cloud Detection, Response and Remediation Capabilities and Resources

Quarterly Threat Report and defender’s cheat sheet for Google Cloud Platform help organizations stay ahead of cybersecurity threats

Press releases · Cole Finch

Herndon, VA, August 9, 2022Expel, the managed security provider that aims to make security easy to understand, use and improve, today unveiled new threat research and cloud detection, response and remediation resources at Black Hat USA 2022.

“As defenders, we need to use every advantage we have. One of those is all of us being part of a defense community, sharing knowledge — about threats, vulnerabilities, defensive strategies — to better protect each other,” said Dave Merkel, CEO and co-founder of Expel. “I hope our threat intel and cloud security resources are useful to both our customers and the cybersecurity community at large.”

Quarterly Threat Report — Q2 2022. The Expel Quarterly Threat Report (QTR) showcases the established and emerging trends and incidents the Expel security operations center (SOC) team observed across customer environments. The SOC team gathers its findings through investigations into alerts, email submissions, and hunting leads and threats from the second quarter of 2022 (April 1 to June 30). A thorough analysis of incidents identifies patterns and trends to help guide strategic decision-making and operational processes.

Some key takeaways from the QTR include:

  • Identity-based attacks — which include credential theft, credential abuse, and long-term access key theft — accounted for 56% of all incidents identified by the Expel SOC in Q2.
  • Ransomware threat groups and their affiliates have mostly abandoned the use of Visual Basic for Application (VBA) macros and Excel 4.0 macros to gain initial entry to Windows-based environments.
  • Fourteen percent of identity attacks against cloud identity providers satisfied the multi-factor (MFA) requirement by continuously sending “Push” notifications to users until they approved.

The QTR also outlines recent findings in business email compromise (BEC), business application compromise (BAC), phishing, and cloud security incidents, among others topic areas. Download the QTR for Q2 2022 here.

MITRE ATT&CK in Google Cloud Platform: A defender’s cheat sheet. As threat actors increasingly operate in the cloud, the Expel SOC team observes their activity and strategies to share information to educate defenders. The MITRE ATT&CK guide for Google Cloud Platform (GCP) contains a breakdown of the tactics the Expel SOC team sees attackers use most often during attacks in GCP. The guide also includes best practices for investigating incidents, and helps inform organizations’ GCP alert triage, and incident response to quickly remediate issues. Lastly, this cheat sheet includes a “mind map” that lays out the relationship between MITRE ATT&CK tactics, GCP services, and API calls to help security teams better understand how threat actors execute attacks. To learn more and download the defender’s cheat sheet for MITRE ATT&CK in GCP, visit this page.

Expel Cloud Detection and Response. Expel ingests events and log data from GCP, Amazon Web Services (AWS), and Azure and enriches it with customer-specific context such as the type of environment (e.g., production, development) or user (e.g., admin) to hone detection based on risk and expected behaviors. Expel layers on the detections, ingesting security signal from cloud-native services and writing custom detections tailored to each cloud provided from the logs in the cloud admin control plane. Expel’s cloud infrastructure strategy is focused on catching misconfigurations, suspicious logins and unusual admin activity, like resource sharing.

To download the defender’s cheat sheet for MITRE ATT&CK in AWS, visit this page. To build a detection and response strategy in Azure, download Expel’s Azure Guidebook here.

To learn more about Expel’s managed detection and response (MDR), remediation, phishing, and threat hunting capabilities at Black Hat, visit booth 2861, August 10 and 11, or book a meeting or schedule a demo.

About Expel
Expel helps companies of all shapes and sizes minimize business risk. Our technology and people work together to make sense of security signals—with your business in mind—to detect, understand, and fix issues fast. Expel offers managed detection and response (MDR), remediation, phishing, and threat hunting. For more information, visit our website, check out our blog, or follow us on LinkedIn or Twitter.

Loren Guertin
Matter Communications on behalf of Expel

Resources home