The ReliaQuest 2023 Cyber-Threat Report provides a detailed analysis of evolving cyber threats, attack techniques, and key statistics from the past year. It emphasizes trends such as Business Email Compromise, extortion, and the use of automation by threat actors, offering strategic insights for strengthening defenses.
Key points
- Cybersecurity reports from major vendors typically include an introduction, executive summary, threat insights, detailed incident analysis, and strategic recommendations, structured to provide both high-level overviews and technical details.
- Annual reports highlight key statistics such as mean time to respond (MTTR), total incidents, and the prevalence of various attack techniques, with 2023 data showing organizations reduced their average incident response time significantly through automation and AI.
- Notable trends include the surge in social engineering attacks, particularly QR code phishing, and an increase in Business Email Compromise campaigns, often leveraging phishing-as-a-service platforms.
- Critical findings reveal that initial access frequently results from drive-by compromises and user error, with cybercriminals extensively exploiting vulnerabilities, especially on web servers and internet-facing infrastructure.
- Advanced TTPs like Living off the Land Binaries (LOLBins) and misuse of legitimate protocols (e.g., RDP, SMB) continue to enable lateral movement and persistence, while threat actors increasingly automate attack workflows with AI tools.
- Extortion activities have reached record heights, with groups like LockBit and Clop targeting hundreds of organizations via ransomware and data theft, amplified by sophisticated double extortion tactics and zero-day exploits.
- The reports also underscore that threat actors remain persistently financially motivated, with impacts including data theft, disruption, and extensive ransomware deployment across critical sectors.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)