Skip to content

Open Source Praxen Brings Agent Behavior Verification to AI Agents and Digital Workers — Read the News

Exabeam News Wrap-up – September 12, 2022

  • Sep 20, 2022
  • Heidi Willbanks
  • 2 minutes to read

Table of Contents

    We’ll be regularly bringing you a summary of Exabeam’s key topics and headlines. Stay up to date with the Exabeam News Wrap-up!

    Uber Hacked in MFA Fatigue Social Engineering Attack

    Last week, Uber was a victim of a cyberattack; compromised systems include their security software, Windows domain, Amazon Web Services console, and Google Workspace admin dashboard. The hacker allegedly used a social engineering technique called an MFA Fatigue attack to gain access to an Uber employee’s account. 

    “This is far from rare; in fact, a 2022 report found that insider threat incidents have risen 44% over the past two years,” says Samantha Humphries, head of security strategy EMEA at Exabeam. “This kind of threat can be much harder to detect. After all, an attacker with valid credentials looks just like a regular user. This presents one of the most significant challenges for security teams.”

    U-Haul Breached, Customer Information Compromised

    Moving truck company U-Haul International suffered a data breach after a customer contract search portal was hacked. An investigation determined that the intruders accessed customer information including names, driver’s licenses, and state identification numbers.

    Ralph Pisani, president of Exabeam, shared some thoughts on the role of credentials in defending an enterprise and its data:

    “Proper education, feedback loops, visibility, and effective technical capabilities are the keys to identifying and responding to attacks caused by compromised credentials. The most effective detective capability is the development of a baseline for normal employee behavior, specifically to assist organizations with identifying the use of compromised credentials for initial access and later maintaining network access. If you can establish normal behavior first, only then can abnormalities be known — a great asset in uncovering unknowingly compromised accounts.”

    XDR Alliance Welcomes New MSSP and MDR Members Committed to Open XDR Framework in Cybersecurity

    The XDR Alliance welcomed new members Banyax, Deloitte and Reliquest, expanding the MSSP/MDR category for the alliance. Gorka Sadowski, founder of the XDR Alliance and chief strategy officer at Exabeam, discussed how these new members will expand the alliance’s efforts toward a more open, inclusive and collaborative team. “We are pleased to have these providers join and augment the representation in the MSSP/MDR space, and offer their extraordinary API integration expertise across all alliance member technologies and the industry at large,” said Sadowski. “These new members represent joint customers all over the world and have vast expertise in helping end customers benefit from tightly integrated best-of-breed technology stacks in the spirit of being open, inclusive and collaborative. They built and operate some of the world’s largest security operations centers (SOCs).”

    Defending against insider threats is more than just picking the right security solutions. It’s also defining and creating a security program that pulls people, processes, and technology together to effectively defend against these kinds of threats.

    Download this checklist as a guide for defining your insider threat defense strategy.

    Heidi Willbanks

    Heidi Willbanks

    Heidi Willbanks | Senior Product Marketing Manager, Content | Exabeam | Heidi Willbanks leads content strategy and go-to-market execution at Exabeam, focusing on product launches, cybersecurity solutions marketing, and technical alliances. She has 20+ years of marketing experience, including over a decade in information security and data privacy, and holds a Level IV certification from Pragmatic Institute. Heidi specializes in creating clear, technically accurate content for security practitioners and decision-makers.

    More posts by Heidi Willbanks

    Learn More About Exabeam

    Learn about the Exabeam platform and expand your knowledge of information security with our collection of white papers, podcasts, webinars, and more.

    • Blog

      Why Low-And-Slow Attacks Look Normal

    • White Paper

      Modernizing the CERT Insider Threat Framework for the Agentic Enterprise

    • Podcast

      CISO 3.0: The Playbook for Delivering Impact and Influence

    • Blog

      Why Short Correlation Windows Miss Insider Risk

    • Blog

      Why Insider Threats Don’t Trigger Alerts

    • Data Sheet

      Behavior Intelligence for the Agentic Enterprise

    • Show More