Identity-based attacks most prevalent in cybersecurity incidents


Last year, cybercriminals leaned heavily on stealth and efficiency, favoring straightforward techniques over complex malware and zero-day exploits.

According to the ‘2024 Year in Review’ report by Cisco Talos, identity-based attacks accounted for 60% of all recorded incident response cases. Threat actors used identifiers like stolen login credentials, session IDs, API keys, and digital certificates to compromise networks and accounts.

In almost 70% of all cybersecurity incidents, attackers were able to gain access to corporate networks using valid credentials of legitimate user accounts. That way, they were able to avoid detection and carry out their malicious operations, like installing ransomware or exfiltrating confidential information.

Accessing corporate networks with legitimate login credentials is easier than using more complex hacking methods, like exploiting software vulnerabilities or deploying malware. This method isn’t just used for initial access: threat actors rely on this type of technique for lateral movement and privilege escalation as well.

Exploiting old vulnerabilities was another significant security issue in 2024. Unpatched weaknesses, misconfigured systems, and weak multi-factor authentication (MFA) were the most common points of exploitation. According to researchers, many targeted systems were running end-of-life software or lacked basic security configurations.

“Many out-of-the-box security products come with baseline/default policies enabled, but organizations often fail to configure these products specifically for their own network’s needs,” the report reads.

Phishing also posed a significant threat: 25% of all incident response cases involved phishing. Embedded malicious links were the most successful modus operandi compared to other modes of phishing, like malicious email attachments or voice phishing (vishing).

Despite law enforcement actions like Operation Cronos in March 2024, LockBit was the most active ransomware-as-a-service (RaaS) group for three years running, claiming 16% of the market. Newcomer RansomHub, the suspected successor of the Knight ransomware group first seen in February 2024, followed closely, accounting for 11%.

Like previous years, education was the most targeted sector in 2024, followed by public administration, manufacturing, healthcare, and finance.

Artificial intelligence (AI) played a small and insignificant role in cyberattacks.

“Generative AI is powerful and its potential to influence the threat landscape is staggering, but in 2024, threat actors’ use of AI did not significantly enhance attackers’ TTPs. Although threat actors have the potential to harness AI and develop novel capabilities, we have not yet observed those capabilities deployed at scale in the wild,” the Cisco Talos report says.

In addition, cybersecurity providers have increasingly integrated AI into their products and workflows to enhance threat and vulnerability detection, automate responses, and beef up organizations’ overall security.