The article outlines the top 10 cyber threats CISOs faced (and will face) in 2023, with strategic guidance inspired by the Verizon DBIR 2024. It covers ransomware, identity-based attacks, DoS, cloud, supply chains, zero-days, cyber warfare, code injection, legacy infrastructure, cryptojacking, and AI-driven threats, plus practical recommendations for defense and resilience.
#LockBit3.0 #ALPHV #Blackcat #Cl0p #MOVEit #GoAnywhere #VMwareESXi #3CX #NATO #APT29 #Sandworm #APT40
Key points
- The ransomware landscape remains highly active, with major groups (LockBit3.0, ALPHV Blackcat, Cl0p) executing sophisticated, sometimes supply-chain-related campaigns and double extortion, driving record ransom payments in 2023.
- Identity-based threats (phishing, social engineering, credential stuffing) are rising, aided by AI, with notable campaigns targeting brands like Microsoft and MFA bypass efforts described.
- DoS/DDoS incidents surged in 2023, including large-scale attacks (e.g., NATO site disruptions) and record-breaking traffic peaks (over 2.3 Tbps).
- Cloud security incidents grew sharply, with misconfigurations leading to many exposures and more than half of stolen data coming from cloud assets in 2023.
- Supply chain attacks increased 42% in 2023, with MOVEit, 3CX, and GoAnywhere as prominent examples; breaches often took months to identify and cost millions.
- Zero-day and RCE vulnerabilities remained a core threat vector (e.g., CVE-2023-24489, CVE-2023-27997, CVE-2023-20887), underscoring the urgency of patching and vulnerability management.
- State-sponsored espionage and cyber warfare (APTs like Cozy Bear, Sandworm, APT40) continued to target governments and critical sectors, with substantial data exfiltration and operational impact.
MITRE Techniques
- [T1566] Phishing – Identity-based Attacks – The article notes rising identity threats including phishing and credential stuffing, increasingly aided by AI. Quote: “…phishing, social engineering, and credential stuffing, is rising, often facilitated by advances in generative AI.”
- [T1195] Supply Chain – Supply Chain Compromise – MOVEit Transfer and other third-party software breaches illustrate supply-chain risk. Quote: “The MOVEit Transfer software experienced a critical security breach due to a zero-day vulnerability that permitted remote code execution.”
- [T1203] Exploitation for Client Execution – Zero-day vulnerabilities enabling remote code execution. Quote: “unauthenticated arbitrary file uploads and enable remote code execution.”
- [T1499] Endpoint Denial of Service – DoS/DDoS attacks driving disruption. Quote: “The most significant DDoS attack recorded in 2023 peaked at over 2.3 terabits per second.”
- [T1041] Exfiltration – Exfiltration of data from malware/compromise. Quote: “global data leaks caused by stealer malware were predominantly due to Redline, accounting for approximately 76.96% of incidents.”
- [T1003] Credential Dumping – Stealer malware extracting credentials. Quote: “stealer malware enables covert extraction of sensitive data, including login credentials.”
Indicators of Compromise
- [Threat Actor] – LockBit3.0, ALPHV/Blackcat, Cl0p, KillNet, APT29 (Cozy Bear), Sandworm, APT40
- [Target/Organization] – United States, NATO, BMW
- [Vulnerability/Exploit] – CVE-2023-24489, CVE-2023-27997, CVE-2023-20887, CVE-2023-38831, CVE-2021-44228, CVE-2021-21985
- [Software/Technology] – MOVEit Transfer, GoAnywhere MFT, VMware ESXi, 3CX, AWS CloudFormation
- [Incident/Attack Vector] – Ransomware campaigns (MOVEit/Cl0p), Phishing campaigns against Microsoft, DDoS on NATO, Cloud misconfig exposures
Read more: https://socradar.io/top-10-cyber-threats-in-2024-ciso-edition/