Cyber Security Trends: Unpacking The Top 10 Attacks in 2024 H1
Tuesday 17th September 2024
Author: Ellen Hallam, Threat Intelligence Analyst
Editor: Daniela Miccardi, Cyber Security Marketing Manager
Over the past six months, the cyber security landscape has continued to evolve. A number of dynamic and challenging influences have affected organisations across the globe, forcing businesses to adapt and change to combat emerging threats.
In this article, Bytes' Threat Intelligence Analyst, Ellen Hallam, takes a look at the Top 10 Cyber Security trends of 2024 H1.
1. 86% of all interactive intrusions were attributed to eCrime activity. [CrowdStrike 2024 Threat Hunting report]
What we've seen:
- Ransomware attacks surged by 54% in January 2024 compared to January 2023 and then decreased, possibly affected by intensified law enforcement efforts targeting ransomware infrastructure and taking down the LockBit gang in particular.
- Ransomware-as-a-Service (RaaS): The RaaS model continues to lower the barrier to entry for cybercriminals. This model allows attackers to rent ransomware tools, making it easier for less technically skilled individuals to launch sophisticated attacks.
- 27 new ransomware groups have emerged, according to CyberInt.
2. Data breaches driven by supply chain attacks contributed to a 78% increase in data compromises in 2023 compared to 2022 [Identity Theft Resource Centre annual data breach report, 2023]
Attackers have been:
- Stealing login credentials from suppliers or vendors through phishing attacks, social engineering, or exploiting vulnerabilities in the supplier’s systems, often gaining unauthorised access
- Injecting harmful code into the software or firmware used by suppliers
- Stealing sensitive data from supplier systems, which can include data related to the organisation’s operations or its customers
- Conducting DDoS attacks on supplier systems, disrupting their operations and affecting organisations' ability to deliver critical services
3. Approximately 33% of cloud attacks are data breaches, 27% are environment intrusion attacks, 23% are crypto mining, and 15% involve failed audits. [SentinelOne Blog, 50+ Cloud Security Statistics in 2024]
Cybercriminals have been:
- Leveraging automation to speed up their attacks
- Targeting certain industries, such as telecommunications and financial services, more frequently, due to the high-value data available
- Targeting the software supply chain, injecting malicious code into software updates or using compromised third-party components to gain access to cloud environments
- Employing advanced evasion techniques to avoid detection, including living off the land techniques
4. On average, a new zero-day exploit is discovered in the wild every 17 days. [Sentinel One platform]
CVEs have been exploited:
- By nation-state groups, particularly from China, which have been leading the exploitation of zero-days, looking to exploit browsers and mobile devices to gather intelligence and monitor targets
- By ransomware groups, who continue to be significant exploiters of zero-day vulnerabilities. Approximately 75% of financially motivated zero-day exploits are linked to ransomware operations [Google Cloud]
This suggests a shift towards targeting more sophisticated and higher-value targets.
5. FAMOUS CHOLLIMA insiders were identified applying to or actively working at more than 100 unique companies. [CrowdStrike 2024 Threat Hunting report]
Insider threats have evolved significantly over the past six months:
- There appears to have been an increase in the number of insider attacks. Although this could be down to an increase in organisational reporting, there do seem to be more insider attacks occurring
- Although financial gain remains a primary motivation, along with acting for personal benefit, nation states have been in the news for using Insiders to conduct espionage on individual organisations
- Detecting insider attacks is slightly more difficult than detecting external attacks, especially if organisations struggle to differentiate between normal and malicious user behaviour, a problem that hybrid working has compounded by widening the attack surface
6. 98% of cyberattacks rely on social engineering [Splunk blog on Social Engineering Attacks, 2024]
Attackers have been:
- Using deepfake technology to impersonate executives and other trusted individuals in video or audio calls
- Leveraging AI to create more convincing phishing emails and automated social engineering attacks, crafting more personalised and more legitimate-looking communications
- Making use of multi-stage phishing campaigns, using initial emails to gather more information to conduct further, more targeted attacks
- Increasingly using social media platforms to gather information about their targets, exploiting publicly available data to create more believable narratives and tailor their attacks to specific individuals or organisations
7. There are an estimated 13.1 billion connected IoT devices globally — a number that is projected to increase to 30 billion by 2030. [Splunk’s Top 50 Cybersecurity Threats, 2022]
In the last six months, IoT (Internet of Things) attacks have seen several notable trends and changes:
- A significant increase in the number of attacks targeting IoT
- IoT devices increasingly being targeted to create botnets
- Attackers exploiting vulnerabilities in IoT devices, particularly those with weak or default passwords. This includes brute-forcing attempts on protocols like Telnet and SSH
- Attackers are targeting home networks and smart home devices to gain access to corporate resources
8. Cryptojacking incidents have surged by 659% year-over-year. [Sonicwall’s Latest Threat Intelligence Navigates the Relentless Surge in Cybercrime, 2024 blog]
There has been a significant rise in:
- Cryptojacking attacks, where attackers use compromised cloud resources to mine cryptocurrencies. This trend is particularly prevalent in cloud-native environments.
- Targeting of the retail and finance industries
- Attackers using more sophisticated methods to avoid detection, e.g., cryptojacking malware shutting down when system monitoring tools are opened and restarting once they are closed
- Ransomware groups moving to cryptojacking as a more low-profile revenue stream and expanding beyond just Windows, to macOS and Linux Systems
9. 66 million BEC attacks were detected and blocked on average per month by Proofpoint [Proofpoint State of the Phish 2024 report]
Business email compromise (BEC) attacks have evolved significantly, to include:
- A 48% surge in these types of attacks, according to Abnormal
- Increased targeting of smaller organisations, particularly those with fewer than 5,000 employees, who are receiving the most BEC emails per mailbox
- More nuanced and sophisticated attacks, with attackers using well-crafted emails that often do not contain malicious links or attachments, decreasing detection rates
- Financial Impact: BEC scams continue to cause significant financial losses. In 2023, BEC accounted for nearly $2.7 billion in adjusted losses, far surpassing the financial impact of ransomware, according to Abnormal
10. AiTM phishing campaigns targeted over 10,000 organisations. [Microsoft Sentinel Blog: Identifying Adversary-in-the-Middle (AiTM) Phishing Attacks through 3rd-Party Network Detection]
AiTM attacks have:
- Become more sophisticated and better targeted, often bypassing multifactor authentication (MFA) by leveraging reverse-proxy functionality, allowing attackers to intercept session cookies and gain access to authenticated sessions without needing user credentials
- Benefited from the increasing availability of AiTM phishing kits for purchase or rent on the dark web, making it easier for less technically skilled attackers to carry out sophisticated attacks
- Increasingly used automation and AI to scale their attacks. This includes automated phishing campaigns that can quickly adapt to bypass security measures
- Often become part of multi-stage campaigns that include other attack types such as Business Email Compromise (BEC) and credential harvesting, increasing the overall effectiveness and damage potential of the attacks
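The first AiTM point above, a session cookie used by someone other than the client that passed MFA, can be turned into a detection heuristic. The sketch below is an added example, not part of the original article or any vendor's product; the event fields (`sid`, `type`, `ip`, `ua`) and the sample events are constructed assumptions.

```python
"""Flag sessions whose cookie is presented by a client other than the one that passed MFA."""

# Constructed sample events, not real logs. Field names are assumptions.
EVENTS = [
    {"ts": 100, "user": "alice", "sid": "s-1", "type": "mfa_success", "ip": "198.51.100.7", "ua": "Chrome/126 Windows"},
    {"ts": 160, "user": "alice", "sid": "s-1", "type": "request", "ip": "198.51.100.7", "ua": "Chrome/126 Windows"},
    # In an AiTM flow the sign-in is relayed, then the cookie is reused from elsewhere.
    {"ts": 200, "user": "bob", "sid": "s-2", "type": "mfa_success", "ip": "203.0.113.20", "ua": "Chrome/126 Windows"},
    {"ts": 230, "user": "bob", "sid": "s-2", "type": "request", "ip": "192.0.2.99", "ua": "python-requests/2.32"},
    {"ts": 260, "user": "bob", "sid": "s-2", "type": "request", "ip": "192.0.2.99", "ua": "python-requests/2.32"},
    # A session cookie for which no sign-in was ever recorded.
    {"ts": 300, "user": "carol", "sid": "s-3", "type": "request", "ip": "192.0.2.50", "ua": "Safari/17 macOS"},
]


def find_session_replay(events, window=3600):
    """Return one finding per session reused from a new IP within `window` seconds of MFA."""
    origin = {}    # sid -> event that completed MFA for that session
    findings = {}  # sid -> first anomaly seen for that session
    for ev in sorted(events, key=lambda e: e["ts"]):
        sid = ev["sid"]
        if ev["type"] == "mfa_success":
            origin[sid] = ev
            continue
        if sid in findings:
            continue  # already reported; avoid one alert per request
        first = origin.get(sid)
        if first is None:
            # Cookie cannot be tied to any recorded MFA event.
            findings[sid] = {"user": ev["user"], "sid": sid,
                             "reason": "no_mfa_origin", "ip": ev["ip"]}
        elif ev["ip"] != first["ip"] and ev["ts"] - first["ts"] <= window:
            findings[sid] = {
                "user": ev["user"], "sid": sid, "reason": "ip_changed_after_mfa",
                "ip": ev["ip"], "origin_ip": first["ip"],
                "ua_changed": ev["ua"] != first["ua"],
                "seconds_after_mfa": ev["ts"] - first["ts"],
            }
    return sorted(findings.values(), key=lambda f: f["sid"])


if __name__ == "__main__":
    for finding in find_session_replay(EVENTS):
        print(finding)
```

IP changes also happen legitimately (mobile networks, VPNs), so findings are leads to correlate with other signals such as the `ua_changed` flag, not verdicts.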
We hope that you've found this article useful. If you would like to discuss any of the points in further detail with Bytes, please reach out to your Bytes Account Manager, or email [email protected].