An Introduction to the 2024 Annual Cyber-Threat Report
ReliaQuest Blog –
ReliaQuest has published the 2024 Annual Threat Report (ATR), providing a comprehensive overview of the evolving cyber threat landscape
The report covers key cyber threats and events observed in 2023, offering quantitative and qualitative analysis to empower defenders with insights and tools to anticipate and defend against these threats
Key findings:
71.1% of observed attacker tactics, techniques, and procedures (TTPs) involved spearphishing links or attachments, with a 51% increase in QR code phishing (quishing)
Drive-by compromise incidents involved downloading disguised malicious files, primarily via SocGholish and SolarMarker malware
Business Email Compromise (BEC) attacks increased by 246%, largely due to the adoption of phishing-as-a-service (Phaas) offerings
Threat actors increasingly used Living off the Land (LotL) techniques for defense evasion, allowing them to maintain access for extended periods
Extortion activity increased by 74.3% in 2023, with LockBit alone naming over 1,000 companies on its data-leak site
Over 6 billion leaked credentials were discovered, bringing the total to 36 billion
Cybercriminal forums show growing interest in weaponizing AI technology for attacks
Threat actors are automating various stages of their attacks or the entire attack chain
Customers using AI and automation saw a reduction in their Mean Time to Respond (MTTR) to 58 minutes, down 98.8% from 2022
The report emphasizes the need for defenders to stay informed about evolving threats and adopt strategic defense actions to mitigate cyber risks effectively
ReliaQuest aims to empower security teams with knowledge and tools to anticipate and defend against these threats, reflecting their mission to make security possible for organizations by increasing visibility, reducing complexity, and managing risk.
Link: https://www.reliaquest.com/blog/2024-annual-cyber-threat-report/