
ReliaQuest’s New Cyber Report Confirms Phishing Remains a Massive Threat

6 billion leaked credentials.
Ryan Uliss
Contributing Writer

The digital world’s rapid evolution has been paralleled by the equally swift adaptation and innovation of cyber threats. ReliaQuest’s 2024 Annual Threat Report provides an exhaustive overview of these threats, observing key events and trends in 2023, and offering both quantitative and qualitative analyses.

This year’s edition not only documents the increased cyber threat complexity but also serves as a beacon for defenders, empowering them with insights and tools to anticipate and counteract these evolving dangers. Here, we examine some of the report’s pivotal findings and explore the implications for the future of cybersecurity.

Increasingly Complex Phishing Methods

Attackers are increasingly leveraging social engineering tactics to initiate cyber attacks, with 71.1% of observed incidents involving spearphishing links or attachments. One major concern is a sharp 51% rise in QR code phishing (quishing) attacks compared to the previous eight months.

ReliaQuest observed a significant increase in drive-by compromise incidents, where individuals unknowingly downloaded disguised malicious files, often through the SocGholish and SolarMarker malware. Nearly 30% of these incidents facilitated initial access through user action.

The report identified a staggering 246% increase in Business Email Compromise (BEC) attacks, primarily involving phishing emails aimed at deceiving employees into making fraudulent payments. The adoption of Phishing-as-a-Service (PHaaS) offerings, such as BulletProofLink, has streamlined and facilitated these operations.

A Spike in Extortion

ReliaQuest highlighted a significant threat from hackers using Living off the Land (LotL) techniques to obfuscate their activity through defense evasion tactics like log clearing and abusing PowerShell. In one intrusion observed in April 2023, a Chinese state-sponsored threat group primarily used LotL commands to blend into a company’s environment, maintaining access for over a month.

Extortion activity increased by a staggering 74.3% in 2023, setting a new record for the number of companies listed on ransomware data leak sites. LockBit alone named over 1,000 companies on its data-leak site during the year. Additionally, more than 6 billion leaked credentials from data breaches were discovered, bringing the total to a staggering 36 billion and counting.

Source: 2024 ReliaQuest Annual Cyber-Threat Report

AI Boosting Attack and Defense Capability

The report highlights growing interest among cybercriminal forums in weaponizing AI technology. ReliaQuest found dedicated sections on these forums detailing criminal alternatives to mainstream chatbots, such as FraudGPT and WormGPT, as well as discussions hinting at the development of simple malware and distributed denial of service (DDoS) queries using AI.

While attackers are leveraging AI, it has also delivered a significant boost to defensive capabilities. Customers using at least some level of AI and automation saw a reduction in their Mean Time to Respond (MTTR) to 58 minutes, down 98.8% from 2022. Those fully leveraging AI and automation have brought their MTTR down to 7 minutes or less.

The Wrap

The insights from ReliaQuest’s 2024 Annual Threat Report paint a comprehensive picture of today’s cyber threats, highlighting the evolving tactics of attackers and the critical role of innovative defenses. As organizations navigate these challenges, the report serves as a pivotal resource, offering actionable intelligence and strategic guidance.

By leveraging the findings and recommendations of the Annual Threat Report, defenders can empower themselves to anticipate emerging threats and fortify their cybersecurity posture. The importance of such vigilance and preparedness cannot be overstated in a time when the digital and physical worlds are increasingly intertwined. The journey toward more secure digital environments is ongoing, but with the insights provided by ReliaQuest, organizations have a clearer path forward.
