The 2024 Darktrace Threat Report provides a comprehensive analysis of emerging cyber threats, attack campaigns, and vulnerabilities encountered over the year. It highlights evolving tactics like edge device evasion, Ransomware-as-a-Service, and targeted exploitation of critical infrastructure, offering vital insights for cybersecurity professionals. #OperationLunarPeek #RansomHub
Key points
- The report is structured into sections covering methodology, threat landscape overview, major attack campaigns, ransomware trends, industry-specific threats, and recommendations, providing a detailed landscape of cybersecurity developments in 2024.
- Highlighted statistics include a surge in vulnerabilities, with over 29,000 in 2024 and over 1,200 actively exploited according to CISA's KEV catalog, indicating an intensified focus on exploiting known security flaws.
- Key trends show a shift toward targeting critical national infrastructure (CNI), with threat actors using sophisticated techniques such as Living-off-the-Land (LOTL) methods, and exploiting internet-facing devices like firewalls and ICS/OT systems.
- Major attack campaigns involved exploitation of zero-day vulnerabilities in edge devices including Palo Alto PAN-OS, Ivanti Connect Secure, and Fortinet FortiManager, with observed malware like Spark backdoor and Cobalt Strike tools.
- The ransomware landscape evolved with novel strains such as Lynx and RansomHub, with an increased average ransom payment of USD 2.73 million, and tactics like double extortion, phishing, and leveraging legitimate remote management tools for lateral movement and exfiltration.
- Threat actors are increasingly exploiting SaaS credentials, employing DNS tunneling, and targeting specific sectors like energy and healthcare for both financial and geopolitical objectives, demonstrating adaptive and persistent attack strategies.
- Overall, the report emphasizes the growing importance of vulnerability management, proactive threat hunting, and multi-layered defense to counter advanced and increasingly evasive cyber threats in 2024 and beyond.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)