#United States #San Jose #Cybersecurity #threat detection #Red Canary

Red Canary's Insights into Evolving Cybersecurity Threats

In a rapidly changing digital landscape, Red Canary has recently released its midyear update to the 2025 Threat Detection Report, highlighting notable trends in cybersecurity threats observed in the first half of the year. The report underscores a shocking rise in identity threats and the evolution of cloud techniques, both of which demand urgent action from organizations to fortify their defenses against growing cyber risks.

Key Highlights from the Report

1. Dramatic Rise in Cloud Account Detections
A staggering increase of nearly 500% in detections related to cloud accounts was observed compared to all of 2024. This rise is largely attributed to expanded capabilities in detecting identity-based threats and the adoption of artificial intelligence tools that monitor login activities. The new AI agents can identify risks stemming from unusual login patterns, suspicious devices, and potentially compromised remote connections, thereby improving overall detection accuracy.

2. Emergence of New Cloud Techniques
New cloud-related techniques are making headlines. For the first time, “Data from Cloud Storage” and “Disable or Modify Cloud Firewall” have entered Red Canary's top ten detected techniques, indicating an alarming shift in how threats are emerging. Misconfigurations, such as poorly secured AWS S3 storage buckets or open firewall ports, pose serious risks. This necessitates vigilance as both malicious actors and trusted users can inadvertently exploit these configurations.

3. Phishing Emails Misleadingly Common
The analysis of user-reported phishing emails revealed that only 16% were genuine threats, yet phishing attacks still remain a predominant method for cybercriminals. The adoption of sophisticated tactics, such as using legitimate platforms like Google Translate to craft convincing scams, highlights the importance of continuous adaptation in security protocols.

4. Transition of Threat Techniques
A notable adaptation was seen with the threat group Scarlet Goldfinch, which shifted from using fake browser updates to utilizing deceptive CAPTCHA methods. This change illustrates how attackers are continually evolving their tactics to evade detection, requiring organizations to stay one step ahead.

Strengthening Defense Mechanisms

Given the urgent cybersecurity challenges highlighted in this report, companies must consider implementing several critical strategies to enhance their defense:

• - Identity Security Controls: Enforcing multi-factor authentication (MFA) and establishing conditional access policies can significantly limit unauthorized access, thereby safeguarding sensitive information.
• - Cloud Misconfiguration Management: Routine audits of cloud infrastructure are essential. Organizations should ensure strict adherence to zero trust principles when managing access settings and firewall protocols.
• - Phishing Awareness Programs: Conducting regular training sessions will empower employees to detect and respond appropriately to advanced phishing attempts.
• - Monitoring VPN and RMM Activities: Continuous oversight of VPN usage and Remote Management Tools (RMM) is necessary. Utilizing behavioral analytics can help distinguish between normal and suspicious activities, enabling faster incident response.

By proactively adopting these measures, organizations can create a robust cybersecurity framework capable of mitigating the risks associated with emerging threats. The findings from Red Canary's report serve as a critical reminder of the evolving nature of cyber threats, urging businesses to remain vigilant and adaptable in their security approaches.

About Red Canary and Zscaler

Red Canary, a subsidiary of Zscaler, is at the forefront of Managed Detection and Response (MDR) services, offering support to a diverse range of organizations. The company focuses on identifying and neutralizing cyber threats before they can cause significant harm. Zscaler, recognized for its expertise in cloud security, offers the Zero Trust Exchange™ platform, which protects thousands of customers from cyber threats by securely connecting users, devices, and applications across various locations.

In conclusion, the insights from Red Canary's midyear update highlight an urgent need for organizations to reassess their cybersecurity strategies, especially regarding identity and cloud security. As the threat landscape continues to evolve, continued vigilance and proactive measures are essential to safeguard against these emerging risks.