Guest blog courtesy of CYRISMA.
As we approach the end of the year, we’ve begun to analyse some of the more prominent cybersecurity reports that came out in 2024 to identify threat trends.
In this blog post, we collate key findings from:
The Threat Landscape in 2024
Here are our top observations about data breaches, vulnerability exploitation trends, ransomware, DDoS attacks, AI use by both criminals and defenders, and more.
Data Breach Costs Continue to Rise
- The global average cost of a data breach increased by 10% from 2023 to 2024, reaching USD 4.88 million, driven by increased business disruption and post-breach expenses.
- The United States, as before, had the highest average data breach cost at USD 9.36 million.
- Organizations are passing on these costs to customers, potentially impacting their competitiveness in inflationary markets.
Vulnerability Exploitation Common Root Cause of Attacks
- 19,754 vulnerabilities were identified from July 2023 to June 2024, with 9.3% categorized as critical and 21.8% as high.
- The use of vulnerabilities as a critical path to initiate a breach has seen a substantial increase, almost tripling from last year. This trend is largely attributed to the widespread impact of zero-day vulnerabilities like MOVEit.
- Exploited vulnerabilities remained the most common root cause of ransomware attacks.
- Ransomware attacks originating from unpatched vulnerabilities had more severe consequences, including higher ransom demands and longer recovery times.
DDoS Attack Trends
- Application-layer DDoS attacks became more common, posing greater risks to business availability. These attacks are stealthier, more sophisticated, and harder to mitigate than network-level attacks.
- DDoS-as-a-Service or DDoS-for-Hire: Unskilled users could launch large-scale DDoS attacks using readily available services, making it easier for individuals and groups to engage in this type of cybercrime.
- In Europe, DDoS attacks and ransomware were the most common threats, accounting for over half of observed incidents. The high prevalence of DDoS attacks was partly due to ongoing geopolitical tensions.
GenAI used for both Defense and Cybercrime
- Threat actors have used AI for mass content production for phishing, disinformation and influence campaigns, and to amplify threats through means such as automated malware generation and C&C infrastructure, which has further lowered barriers to entry for amateur operators.
- It has also been extremely effective at finding, researching and carrying out campaigns against lucrative targets, and at impersonation (deepfakes, faster research on individuals, spear phishing email creation at scale).
- At the defense end, organizations that applied security AI and automation lowered breach costs by an average of USD 2.2 million.
- These solutions help identify and contain breaches faster, reducing the overall impact.
- There has also been emphasis on the need for better data governance for secure and compliant use of the data accessed, handled and generated by GenAI platforms and avoiding the proliferation of shadow data.
Ransomware Trends
The overall rate of ransomware attacks decreased slightly from previous years, with 59% of organizations affected in 2024.
Ransomware and extortion together accounted for 32% of breaches. While traditional ransomware attacks have declined slightly, the overall impact of these threats has grown due to the increasing prevalence of extortion techniques.
Ransom Demands and Payments:
- Ransom demands averaged $4.3 million, with a significant portion (63%) exceeding $1 million.
- Victims didn’t always pay the amount demanded, with 44% negotiating lower payments.
- Insurance providers were involved in 83% of ransom payments, but rarely covered the full amount.
Ransom Funding:
- Ransom funding often involved multiple sources, with the organization itself being the primary contributor.
- Insurance providers played a significant role, covering 23% of ransom payments on average.
Impact on Computers:
- On average, ransomware attacks affected just under half of an organization’s computers.
- The impact varied by organization size and industry, with larger organizations and certain sectors experiencing more extensive damage.
Root Causes:
- Exploited vulnerabilities remained the most common root cause of ransomware attacks.
- Email-based approaches, including phishing and malicious emails, were also significant factors.
- Attacks originating from unpatched vulnerabilities had more severe consequences, including higher ransom demands and longer recovery times.
Supply Chain Threats
- Breaches involving third parties, including partner infrastructure and software supply chain issues, increased significantly, reaching 15% this year. This was primarily driven by the exploitation of zero-day vulnerabilities for ransomware and extortion attacks.
- In many cases, social engineering attacks were used to target supply chains, exploiting vulnerabilities in open-source projects and software development processes.
Cybersecurity Skills Shortage Persists
- Around 53 percent of breached organizations faced severe security staffing shortages, contributing to increased breach costs.
- The average cost of a breach for organizations with security staffing shortages was $5.74 million, $860,000 higher than the global average.
Phishing and Social Engineering
- The human element, of which phishing is a critical part, was present in 68 percent of data breaches, according to the Verizon DBIR.
- In ransomware incidents, specifically, email-based approaches, including phishing and malicious emails, continued to be significant entry points for ransomware actors. Threat actors used GenAI-as-a-Service, tools such as FraudGPT and large language models to co-author scam emails and generate malicious PowerShell scripts.
- The reporting rate of phishing went up, indicating increased awareness. However, the median time to click on a malicious link remains alarmingly low (under a minute), highlighting the need for continuous security awareness training and education.
Rise in Tech Scams and Living Off The Land (LOTL)
- Tech scams surged 400% from 2021 to 2023. These scams often involve impersonating legitimate services or using fake tech support and ads to trick users into revealing sensitive information.
- Threat actors were able to leverage trusted cloud services to evade detection and disguise their malicious activities.
Effective Data Breach Handling with AI and Law Enforcement Involvement
Two interesting findings revealed in the Cost of a Data Breach Report were that breach costs were significantly lower for organizations using AI and automation in their defense processes ($2.2 million lower than average) and for organizations that involved law enforcement agencies in breach handling ($1 million lower than average). Law enforcement also helped shorten the time to identify and contain breaches.
A Few Takeaways
The cyber risk landscape in 2024 was characterized by a complex interplay of existing and evolving threats as well as emerging technologies. Organizations must adapt their security strategies to address the challenges posed by unaddressed vulnerabilities, supply chain attacks, phishing, and the advanced toolset available to threat actors. The effective use of AI, coupled with robust data governance practices, foundational security controls and collaboration with law enforcement, can reduce risk to a great extent.
The use of AI for defense purposes, in particular, can become a key differentiator for organizations looking to stay ahead of cybercriminals. While AI can be a force multiplier for bad actors, it has also been shown to deliver great success in threat detection, reducing response time and minimizing the impact of cyber incidents.
In the coming weeks, we will delve deeper into some of the defense strategies that have been effective for security-focused organizations in 2024, and the lessons for 2025.