Guest blog courtesy of CYRISMA.

As we approach the end of the year, we’ve begun to analyse some of the more prominent cybersecurity reports that came out in 2024 to identify threat trends.

In this blog post, we collate key findings from:

- Verizon’s Data Breach Investigations Report (DBIR) 2024
- IBM’s 2024 Cost of a Data Breach Report
- The ENISA Threat Landscape 2024
- Microsoft’s Annual Digital Defense Report 2024
- The Sophos State of Ransomware Report 2024

The global average cost of a data breach increased by 10% from 2023 to 2024, reaching USD 4.88 million, driven by increased business disruption and post-breach expenses. The United States, as before, had the highest average data breach cost at USD 9.36 million. Organizations are passing on these costs to customers, potentially impacting their competitiveness in inflationary markets.

19,754 vulnerabilities were identified from July 2023 to June 2024, with 9.3% categorized as critical and 21.8% as high. The use of vulnerabilities as a critical path to initiate a breach has seen a substantial increase, almost tripling from last year. This trend is largely attributed to the widespread impact of zero-day vulnerabilities like MOVEit. Exploited vulnerabilities remained the most common root cause of ransomware attacks. Ransomware attacks originating from unpatched vulnerabilities had more severe consequences, including higher ransom demands and longer recovery times.

Application-layer DDoS attacks became more common, posing greater risks to business availability. These attacks are stealthier, more sophisticated, and harder to mitigate than network-level attacks. DDoS-as-a-Service or DDoS-for-Hire: Unskilled users could launch large-scale DDoS attacks using readily available services, making it easier for individuals and groups to engage in this type of cybercrime. In Europe, DDoS attacks and ransomware were the most common threats, accounting for over half of observed incidents.
The high prevalence of DDoS attacks was partly due to ongoing geopolitical tensions.

AI has been used by threat actors for mass content production for phishing, disinformation and influence campaigns, and for amplifying threats by means such as automated malware generation and C&C infrastructure, which has further lowered barriers to entry for amateur operators. It has also been extremely effective at finding, researching and carrying out campaigns against lucrative targets, and at impersonation (deepfakes, faster research on individuals, spear phishing email creation at scale).

At the defense end, organizations that applied security AI and automation lowered breach costs by an average of USD 2.2 million. These solutions help identify and contain breaches faster, reducing the overall impact. There has also been emphasis on the need for better data governance for secure and compliant use of the data accessed, handled and generated by GenAI platforms, and on avoiding the proliferation of shadow data.

Ransom demands averaged $4.3 million, with a significant portion (63%) exceeding $1 million. Victims didn’t always pay the amount demanded, with 44% negotiating lower payments. Insurance providers were involved in 83% of ransom payments, but rarely covered the full amount.

Ransom Funding: Ransom funding often involved multiple sources, with the organization itself being the primary contributor. Insurance providers played a significant role, covering 23% of ransom payments on average.

Impact on Computers: On average, ransomware attacks affected just under half of an organization’s computers. The impact varied by organization size and industry, with larger organizations and certain sectors experiencing more extensive damage.

Root Causes: Exploited vulnerabilities remained the most common root cause of ransomware attacks. Email-based approaches, including phishing and malicious emails, were also significant factors.
Attacks originating from unpatched vulnerabilities had more severe consequences, including higher ransom demands and longer recovery times.

Breaches involving third parties, including partner infrastructure and software supply chain issues, increased significantly, reaching 15% this year. This was primarily driven by the exploitation of zero-day vulnerabilities for ransomware and extortion attacks. In many cases, social engineering attacks were used to target supply chains, exploiting vulnerabilities in open-source projects and software development processes.

Around 53 percent of breached organizations faced severe security staffing shortages, contributing to increased breach costs. The average cost of a breach for organizations with security staffing shortages was $5.74 million, $860,000 higher than the global average.

The human element, of which phishing is a critical part, was present in 68 percent of data breaches, according to the Verizon DBIR. In ransomware incidents, specifically, email-based approaches, including phishing and malicious emails, continued to be significant entry points for ransomware actors. Threat actors used GenAI-as-a-Service, tools such as FraudGPT and large language models to co-author scam emails and generate malicious PowerShell scripts.

The reporting rate of phishing went up, indicating increased awareness. However, the median time to click on a malicious link remains alarmingly low (under a minute), highlighting the need for continuous security awareness training and education.

Tech scams surged 400% from 2021 to 2023. These scams often involve impersonating legitimate services or using fake tech support and ads to trick users into revealing sensitive information. Threat actors were able to leverage trusted cloud services to evade detection and disguise their malicious activities.