SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers

CloudSEK report reveals surge in complex cyber threats

Wed, 1st Jan 2025

CloudSEK has released its 2024 Threat Landscape Report, which provides a detailed analysis of the current global cyber threat trends.

The report highlights that in 2024, approximately 534TB of data was stolen and traded on dark web platforms such as BreachForums and Leakbase. Ransomware demands averaged over USD 2 million, with a total of 994TB of data exfiltrated across various industries.

The sectors most targeted by cybercriminals were identified as retail, IT, and communications, with the United States, India, and Israel recording the highest attack volumes. Critical vulnerabilities were found and rapidly exploited in Linux, Microsoft, and Fortinet systems.

According to CloudSEK's research team, "Cybercrime is evolving rapidly, with underground forums not only facilitating illegal trade but also enabling collaboration among threat actors. This makes monitoring these spaces critical to understanding and countering emerging threats."

The report also identifies the United States, India, and Israel as geographic hotspots for cyber attacks, citing economic dominance, rapid digitisation, and geopolitical tensions, respectively, as the strategic reasons. The United States experienced the highest number of attacks, amounting to 140, followed by India with 95 and Israel with 57 attacks.

Ransomware threats persisted and intensified throughout the year. The manufacturing, healthcare, and real estate sectors were particularly affected, with ransomware groups LockBit 3.0 and RansomHub leading the attacks. Over 994TB of data was exfiltrated, emphasising the move towards more complex extortion tactics.

CloudSEK's research team explained, "Ransomware is no longer just about locking systems; it's about weaponizing stolen data. This shift has devastating consequences for businesses and individuals."

Exploited Vulnerabilities: A Weak Link in the Chain

The speed at which threat actors exploited newly disclosed vulnerabilities was alarming:

  • Critical Exploits:
      • CVE-2024-4577 (PHP CGI Command Injection): Weaponized within weeks, impacting enterprise-grade systems.
      • CVE-2024-24919 (Check Point Information Disclosure): Exploited widely to target government and enterprise networks.
  • Zero-Days on the Rise: High-profile vulnerabilities like CVE-2024-3400 (PAN-OS Command Injection) and CVE-2024-23897 (Jenkins CLI Path Traversal) showcased the growing sophistication of attackers.
  • Vendors in Focus: Linux, Microsoft, and Fortinet recorded the highest number of exploited flaws, reflecting their ubiquity in critical infrastructure. (For more information, check the full report.)

Organizations are urged to prioritize timely patching and robust vulnerability management to mitigate these risks.

CloudSEK's Recommendations for Building Resilience

In the face of these evolving threats, CloudSEK emphasizes a proactive, multi-layered approach to cybersecurity:

  • Timely Patch Management: Address known vulnerabilities to close gaps before exploitation.
  • Continuous Threat Monitoring: Leverage AI-driven tools to detect and respond to threats in real-time.
  • Strengthened Access Controls: Implement MFA, privileged access management, and network segmentation.
  • Incident Response Planning: Develop and simulate response plans to reduce downtime during an attack.
  • Awareness and Collaboration: Foster cybersecurity awareness across teams and collaborate with public-private networks to share intelligence.