Securonix Threat Labs 2024 Annual Autonomous Threat Sweeper Intelligence Insights

The 2024 Annual Cyber Threat Report reveals a significant increase in cyber threats, including advanced persistent threats (APTs) and evolving tactics used by attackers. Key incidents include the resurgence of LockBit ransomware, exploitation of vulnerabilities in widely used technologies, and notable data breaches affecting major organizations. Affected: Ivanti Connect Secure, GlobalProtect, CrowdStrike, Snowflake, Palo Alto Networks

Key points:

  • Emerging threats exploit vulnerabilities in Ivanti Connect Secure and GlobalProtect VPN.
  • Chinese state-sponsored hackers target defense and government entities.
  • New APT groups like Actor240524 focus on healthcare and financial sectors.
  • Cybercriminals utilize cloud services for malware distribution.
  • Advanced backdoors like SUBTLE-PAWS and EDRKillShifter pose significant risks.
  • Critical infrastructure vulnerabilities highlighted by CrowdStrike outage and FortiManager exploits.
  • Increased sophistication in phishing and social engineering attacks.
  • LockBit ransomware resumes operations with upgraded encryptors.
  • Snowflake data breach impacts millions due to weak authentication methods.
  • Cyberattack on MITRE’s NERVE Network showcases advanced exploitation techniques.

MITRE Techniques:

  • Initial Access (T1078): Exploitation of Ivanti Connect Secure vulnerabilities for unauthorized access.
  • Execution (T1059): Use of PowerShell and VBScript malware in various campaigns.
  • Persistence (T1543): Deployment of the SUBTLE-PAWS PowerShell backdoor in Ukraine.
  • Privilege Escalation (T1068): Exploitation of vulnerabilities in Palo Alto Networks PAN-OS.
  • Defense Evasion (T1562): DLL sideloading techniques to evade detection.
  • Credential Access (T1003): Credential theft via infostealing malware during the Snowflake breach.
  • Command and Control (T1071): Use of cloud services for command-and-control operations.

Indicators of Compromise:

  • [domain] ivanti.com
  • [domain] paloaltonetworks.com
  • [url] breachforums.com
  • [file hash] SHA256 hash of LockBit encryptor
  • [file name] CrowdStrike Falcon.zip
  • See the full article for all IoCs found.

Full Research: https://www.securonix.com/blog/securonix-threat-labs-2024-annual-autonomous-threat-sweeper-intelligence-insights/