The 2024 Expel Threat Report highlights the dominance of identity-based threats, which accounted for 64% of incidents and increased significantly from 2022. It also emphasizes rising cloud infrastructure risks, malware threats, and sophisticated phishing techniques, providing insights and strategies for organizations to enhance security. #ScatteredSpider #AmazonCognito

Keypoints

  • The annual cybersecurity reports from major vendors typically include sections such as executive summaries, incident statistics, threat trends, industry-specific risks, and future predictions, providing comprehensive insights into the evolving cyber landscape.
  • 2024 reports reveal that identity threats remain the top concern, comprising 64% of all security incidents, with a 144% increase in volume from the previous year, primarily via malicious logins from suspicious infrastructure.
  • Phishing remains a prevalent attack vector, with a notable rise in phishing-as-a-service platforms and QR code phishing tactics, especially targeting mobile devices and personal endpoints.
  • Cloud infrastructure incidents surged by 72%, mainly due to leaked or stolen cloud credentials; misconfigurations of services like AWS Cognito enable significant breaches, highlighting the importance of proper setup and continuous monitoring.
  • Malware threats, particularly pre-ransomware variants like Gootloader, Qakbot, and SocGholish, pose immediate risks, often delivered via malicious scripting files or through shadow IT and malvertising campaigns.
  • Zero-day vulnerabilities such as CVE-2023-34362 and CVE-2023-4966 highlight the need for layered security controls, especially in high-impact environments like hospitality and finance industries targeted by specific campaigns.
  • Attackers increasingly leverage script-based malware, malicious ads, and compromised third-party software, emphasizing the importance of defense-in-depth, user education, and strong authentication policies.
  • Industry-targeted trends include high phishing activity in hospitality, travel, and financial services, with threat groups like “The Com” specializing in impersonation and MFA fatigue tactics to breach organizational defenses.
  • Major insights stress proactive risk management, awareness of attack techniques, and adopting tight security controls such as phishing-resistant MFA, conditional access, and vigilant monitoring of login anomalies to protect organizational assets.
Expel-Annual-Threat-Report-2024
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)
