TTPwire Vol. 1 · MITRE ATT&CK·Tagged

Huntress

ITDR for Google Workspace | Huntress Managed ITDR

2026-03-24

ATT&CK techniques detected

10 predictions
T1586.002 Email Accounts
87%
“Business email compromise isn’t just email anymore When people hear BEC, they usually picture a phishing email asking for a wire transfer. That still happens. But the modern playbook is a little more sophisticated. Today’s BEC campaigns often unfold as multi-stage identity …”
T1078.004 Cloud Accounts
68%
“ITDR for Google Workspace | Huntress Managed ITDR For a long time, most organizations treated Google Workspace (GWS) like a productivity tool. Email. Documents. Calendars. Chat. Useful, sure. But not exactly the thing keeping security teams awake at night. Attackers see it diff…”
T1078.004 Cloud Accounts
67%
“…ing rules. OAuth tokens. Backup access paths. Attackers assume passwords might get reset eventually, so they prepare alternatives. The important detail here is easy to miss — email compromise isn’t the goal. It’s the starting point. Once attackers control a workspace identi…”
T1525 Implant Internal Image
60%
“response. And it shows. Turns out, when you solve real problems, people notice. One identity defense layer for Microsoft and Google Many organizations operate in hybrid environments today. Microsoft 365 on one side. Google Workspace on the other. Until recently, protecting those …”
T1078.004 Cloud Accounts
48%
“, but the pattern is consistent: identity first. Some of the trends we’re seeing include: - Business email compromise (BEC) campaigns tied to Gmail account takeovers - Phishing delivered through trusted Google services like Drive or Slides - OAuth and consent phishing repla…”
T1098.002 Additional Email Delegate Permissions
47%
“shuts down entire attack chains. Unexpected login activity Attackers rarely log in from the same place as legitimate users. They prefer VPNs, proxies, or rented cloud infrastructure to obscure their location. Managed ITDR watches for authentication patterns that don’t fit — ris…”
T1564.008 Email Hiding Rules
38%
“shuts down entire attack chains. Unexpected login activity Attackers rarely log in from the same place as legitimate users. They prefer VPNs, proxies, or rented cloud infrastructure to obscure their location. Managed ITDR watches for authentication patterns that don’t fit — ris…”
T1586.002 Email Accounts
34%
“shuts down entire attack chains. Unexpected login activity Attackers rarely log in from the same place as legitimate users. They prefer VPNs, proxies, or rented cloud infrastructure to obscure their location. Managed ITDR watches for authentication patterns that don’t fit — ris…”
T1078.004 Cloud Accounts
33%
“response. And it shows. Turns out, when you solve real problems, people notice. One identity defense layer for Microsoft and Google Many organizations operate in hybrid environments today. Microsoft 365 on one side. Google Workspace on the other. Until recently, protecting those …”
T1586.002 Email Accounts
31%
“to datacenter providers and ASNs commonly used in attacks, surfacing suspicious access earlier in the attack chain. Think of it as a behavioral signal attackers struggle to disguise. A real Google Workspace identity attack Let’s make this concrete. Below is a real example of ho…”

Summary

Huntress now delivers ITDR for Google Workspace to protect identities against BEC, inbox rule manipulation, and account takeover, all with a 24/7 SOC-led response.