ReliaQuest is proud to announce the publication of the 2024 edition of the Annual Threat Report (ATR), which offers a comprehensive overview of the ever-evolving cyber threat landscape. In the report, we cover the key cyber threats and events we observed in 2023 and provide a quantitative and qualitative analysis of our findings. This report aims to empower defenders with the tools and insights they need to anticipate and defend against evolving cyber threats.
In this blog, we’ll cover some of the key findings from the report and where we see things going next.
TTP Trends
- 71.1% of observed attacker tactics, techniques, and procedures (TTPs) involved the use of spearphishing links or attachments. Of particular concern is a sharp rise in QR code phishing (quishing), which increased 51% last year compared to the previous eight months.
- ReliaQuest observed a significant number of incidents involving drive-by compromise, whereby individuals downloaded disguised malicious files—in most cases via the SocGholish and SolarMarker malware.
- ReliaQuest has observed a 246% increase in business email compromise (BEC) attacks, primarily involving phishing emails aimed at deceiving employees into making fraudulent payments. These attacks have increased due to the adoption of phishing-as-a-service (PhaaS) offerings, such as BulletProofLink, which streamline and facilitate operations.
- We identified a significant threat from threat actors using Living off the Land (LotL) techniques. In such incidents, threat actors seek to obfuscate their activity via defense evasion techniques, such as log clearing and infiltrating PowerShell. In an intrusion ReliaQuest observed in April 2023, a Chinese state-sponsored threat group primarily focused on using LotL commands to blend into a company’s environment. The group’s discreet LotL activity allowed them to maintain access for more than a month.
Overall Trends
- Extortion activity increased by 74.3% in 2023, setting a new record for the number of companies listed on ransomware data-leak sites. LockBit alone named over 1,000 companies on its data-leak site during the year, shattering past records.
- We discovered more than 6 billion leaked credentials from data breaches, bringing the total to 36 billion and counting.
- The use of AI to evolve attacks is gaining significant attention among major cybercriminal forums, with growing interest in weaponizing this technology. ReliaQuest has found dedicated AI and machine-learning sections of these sites that detail criminal alternatives to mainstream chatbots, such as FraudGPT and WormGPT, and discussions hinting at the development of simple malware and distributed denial of service (DDoS) queries using these options.
- ReliaQuest has noted that a growing number of threat actors are automating various stages of their attacks, or the entire attack chain—in particular, the Citrix Bleed exploitation. In one observed incident, we identified a threat actor using automation to assist with parsing for sensitive data.
- On the defensive side, we saw that customers using at least some level of AI and automation saw a reduction in their MTTR to 58 minutes, which is down 98.8% from 2022. Those who are fully leveraging AI and automation have brought their MTTR down to 7 minutes or less.
The Takeaway
Cyber threats are not only proliferating at an unprecedented rate but are also advancing in complexity, significantly narrowing the window for defenders to preempt and neutralize potential cyber attacks. This reality underscores the purpose of our 2024 Annual Cyber-Threat Report, which is meant to arm defenders with critical strategies and actionable intelligence tailored to counteract these evolving threats effectively. By dissecting attacker TTPs and showcasing real-world case studies, the report highlights the trajectory of threat evolution over the past year, offering invaluable insights for bolstering cybersecurity defenses.
Our research is dedicated to empowering security teams with the knowledge and tools necessary to anticipate and mitigate cyber risks. By providing a comprehensive analysis of current threats and forecasting emerging trends, we aim to make security possible for organizations. This commitment reflects our mission to help organizations increase visibility, reduce complexity, and manage risk, paving the way toward a future where strategic and informed defense actions profoundly mitigate the influence of cyber threats on global security.