Guest blog courtesy of CYRISMA.

As we approach the end of the year, we’ve begun to analyse some of the more prominent cybersecurity reports that came out in 2024 to identify threat trends.

In this blog post, we collate key findings from:
The Threat Landscape in 2024
Here are our top observations about data breaches, vulnerability exploitation trends, ransomware, DDoS attacks, AI use by both criminals and defenders, and more.
Data Breach Costs Continue to Rise
- The global average cost of a data breach increased by 10% from 2023 to 2024, reaching USD 4.88 million, driven by increased business disruption and post-breach expenses.
- The United States, as before, had the highest average data breach cost at USD 9.36 million.
- Organizations are passing on these costs to customers, potentially impacting their competitiveness in inflationary markets.
Vulnerability Exploitation Common Root Cause of Attacks
- 19,754 vulnerabilities were identified from July 2023 to June 2024, with 9.3% categorized as critical and 21.8% as high.
- The use of vulnerabilities as a critical path to initiate a breach has seen a substantial increase, almost tripling from last year. This trend is largely attributed to the widespread impact of zero-day vulnerabilities like MOVEit.
- Exploited vulnerabilities remained the most common root cause of ransomware attacks.
- Ransomware attacks originating from unpatched vulnerabilities had more severe consequences, including higher ransom demands and longer recovery times.
DDoS Attack Trends
- Application-layer DDoS attacks became more common, posing greater risks to business availability. These attacks are stealthier, more sophisticated, and harder to mitigate than network-level attacks.
- DDoS-as-a-Service or DDoS-for-Hire: Unskilled users could launch large-scale DDoS attacks using readily available services, making it easier for individuals and groups to engage in this type of cybercrime.
- In Europe, DDoS attacks and ransomware were the most common threats, accounting for over half of observed incidents. The high prevalence of DDoS attacks was partly due to ongoing geopolitical tensions.
GenAI used for both Defense and Cybercrime
- AI has been used by threat actors for mass content production for phishing, disinformation and influence campaigns, and to amplify threats by means such as automated malware generation and C&C infrastructure, which has further lowered barriers to entry for amateur operators.
- It has also been extremely effective at finding, researching and carrying out campaigns against lucrative targets, and at impersonation (deepfakes, faster research on individuals, spear phishing email creation at scale).
- At the defense end, organizations that applied security AI and automation lowered breach costs by an average of USD 2.2 million.
- These solutions help identify and contain breaches faster, reducing the overall impact.
- There has also been emphasis on the need for better data governance for secure and compliant use of the data accessed, handled and generated by GenAI platforms and avoiding the proliferation of shadow data.
Ransomware Trends
The overall rate of ransomware attacks decreased slightly from previous years, with 59% of organizations affected in 2024.

Ransomware and extortion together accounted for 32% of breaches. While traditional ransomware attacks have declined slightly, the overall impact of these threats has grown due to the increasing prevalence of extortion techniques.

Ransom Demands and Payments:
- Ransom demands averaged $4.3 million, with a significant portion (63%) exceeding $1 million.
- Victims didn’t always pay the amount demanded, with 44% negotiating lower payments.
- Insurance providers were involved in 83% of ransom payments, but rarely covered the full amount.

Ransom Funding:
- Ransom funding often involved multiple sources, with the organization itself being the primary contributor.
- Insurance providers played a significant role, covering 23% of ransom payments on average.

Impact on Computers:
- On average, ransomware attacks affected just under half of an organization’s computers.
- The impact varied by organization size and industry, with larger organizations and certain sectors experiencing more extensive damage.

Root Causes:
- Exploited vulnerabilities remained the most common root cause of ransomware attacks.
- Email-based approaches, including phishing and malicious emails, were also significant factors.
- Attacks originating from unpatched vulnerabilities had more severe consequences, including higher ransom demands and longer recovery times.
Supply Chain Threats
- Breaches involving third parties, including partner infrastructure and software supply chain issues, increased significantly, reaching 15% this year. This was primarily driven by the exploitation of zero-day vulnerabilities for ransomware and extortion attacks.
- In many cases, social engineering attacks were used to target supply chains, exploiting vulnerabilities in open-source projects and software development processes.
Cybersecurity Skills Shortage Persists
- Around 53 percent of breached organizations faced severe security staffing shortages, contributing to increased breach costs.
- The average cost of a breach for organizations with security staffing shortages was $5.74 million, $860,000 higher than the global average.
Phishing and Social Engineering
- The human element, of which phishing is a critical part, was present in 68 percent of data breaches, according to the Verizon DBIR.
- In ransomware incidents, specifically, email-based approaches, including phishing and malicious emails, continued to be significant entry points for ransomware actors. Threat actors used GenAI-as-a-Service, tools such as FraudGPT and large language models to co-author scam emails and generate malicious PowerShell scripts.
- The reporting rate of phishing went up, indicating increased awareness. However, the median time to click on a malicious link remains alarmingly low (under a minute), highlighting the need for continuous security awareness training and education.
Rise in Tech Scams and Living Off The Land (LOTL)
- Tech scams surged 400% from 2021 to 2023. These scams often involve impersonating legitimate services or using fake tech support and ads to trick users into revealing sensitive information.
- Threat actors were able to leverage trusted cloud services to evade detection and disguise their malicious activities.




