Blackpoint Cyber Annual Threat Report 2024

Keypoints

• Major cybersecurity vendors publish comprehensive annual reports structured into sections like executive summaries, threat landscape analysis, threat actor profiles, case studies, and future predictions, providing a holistic view of cybersecurity trends.
• Key statistics reveal a 64% increase in ransomware double extortion attacks from 2022 to 2023, with LockBit accounting for nearly 50% of ransomware incidents, indicating their dominance.
• In 2023, threat actors significantly exploited remote management tools (RMM), with over 1,000 observed LotL instances, driven by increased use of native binaries like PowerShell for stealth and lateral movement.
• Supply chain attacks rose, leveraging trust relationships between vendors and organizations, while initial access attempts via phishing, stolen credentials, and vulnerabilities remained prevalent.
• Cloud security incidents escalated, with 78.78% being cloud-related, dominated by VPN abuse and credential access, emphasizing the need for robust cloud defenses.
• Threat actor profiles highlight groups like LockBit, BlackCat, and QakBot, each employing sophisticated tactics such as exploitation of public-facing apps, social engineering, and data exfiltration techniques.
• Case studies demonstrate the effectiveness of managed detection and response (MDR) in countering advanced threats like the Citrix Bleed vulnerability, showcasing rapid response within minutes of detection.
• The report underscores the critical importance of layered defense strategies (Defense in Depth), continuous monitoring, quick incident response, and understanding threat actor behaviors to enhance resilience.