Attackers changing tactics
“Threat actors have figured out that trying to bring malware [in an initial compromise] is like going to the airport with a bottle of water in your pack — you’re probably going to get caught,” Meyers said in an interview, noting that defensive technology like endpoint detection and response [EDR] is good at catching malware. So, he said, “what is increasingly happening is threat actors are trying to move away from being detected [through EDR] and doing it with identity. This is a trend we’ve seen over the past two years or so and is really on the uptick, and is continuing to evolve.”
But, he warned, “multi-factor authentication [MFA] is not a silver bullet, and you need to have identity threat detection and response capability in your [IT] environment or sad things are going to happen.”
“It’s the old [hockey] adage,” he added. “’Skate to where the puck is going, not to where it’s at right now.’”
