The information security industry is on high alert due to a surge in sophisticated cyber threats. Modern cyberattacks now combine advanced techniques and tools, including malware, phishing, machine learning, artificial intelligence, and cryptocurrency, posing significant risks to the data and assets of corporations, governments, and individuals.
The Domain Name System (DNS), originally designed to connect users to websites and applications efficiently, is increasingly crucial in the cybersecurity landscape. Though its primary function is to resolve domain names to IP addresses, DNS is being scrutinized for its role in security. Every day, users unknowingly rely on DNS billions of times for tasks such as connecting to websites, opening apps, or updating software.
Cybercrime’s cost reached $8 trillion in 2023 — translating to over $250,000 per second — and is projected to rise to $10.5 trillion by 2025. – Cybersecurity Ventures report
Ransomware remains a significant concern, affecting 66% of organizations in 2023, according to Deloitte’s Annual Cyber Threat report. Although global law enforcement efforts are intensifying against ransomware groups, and a decrease in ransom payments has been observed, the threat persists. Additionally, identity-based initial access techniques have become more prevalent, with abuse of valid credentials now responsible for 44.7% of data breaches, up from 41.6% in 2022.
Threat actors are also evolving their tactics, combining new methods with traditional techniques. For instance, malware is now being distributed through infected USB drives and old source code is being repurposed to create new variants of Mirai and Bashlite, targeting emerging Internet of Things (IoT) infrastructures.
Key Insights from Cisco’s Report
The most prevalent threat categories were Information Stealers, Trojans, and Ransomware, each with average monthly blocks in the hundreds of millions.
- Information Stealer: 246 million
- Trojan: 175 million
- Ransomware: 154 million
- RAT (Remote Access Trojan): 46 million
- APT (Advanced Persistent Threat): 40 million
- Botnet: 31 million
- Dropper: 20 million
- Backdoor: 14 million
Types of Cybersecurity Threats
As digital environments advance, so too do the threats targeting them. These threats can be categorized into several types, each with distinct characteristics and attack methodologies:
- Malware remains a dominant threat, including various forms such as viruses, ransomware, and spyware. These malicious programs can disrupt operations, steal sensitive information, or damage systems.
- Social Engineering exploits human behavior to gain unauthorized access to information and systems. Phishing, a common form of social engineering, deceives users into revealing confidential data.
- Insider Threats originate from within an organization and can be either accidental or intentional. These threats are particularly dangerous as they circumvent traditional security measures by leveraging legitimate access.
- Advanced Persistent Threats (APTs) are sophisticated, covert, and prolonged attacks aimed at specific targets to steal data or disrupt operations, often remaining undetected for extended periods.
- Distributed Denial of Service (DDoS) Attacks overwhelm systems with massive volumes of internet traffic, disrupting services and potentially serving as a distraction for more severe attacks.
- Ransomware attacks encrypt the victim’s data and demand a ransom for decryption keys. Such attacks can incapacitate essential systems and require substantial financial compensation to resolve.
- Man-in-the-Middle (MitM) Attacks intercept and potentially alter communications between two parties, aiming to steal or manipulate sensitive information.
- Supply Chain Attacks target software or hardware before it reaches the end-user, exploiting trusted relationships to compromise systems and data.
Current Threat Vectors and Security Observations
Zero-Day Exploits
In 2023, Deloitte’s Security Operations Center (SOC) observed a rising trend in the exploitation of zero-day vulnerabilities, particularly targeting internet-facing edge devices like firewalls and Virtual Private Networks (VPNs). These vulnerabilities are often less monitored, providing threat actors with prolonged, undetected access. Notably, zero-day exploits were prominent in managed file transfer (MFT) services, particularly affecting US-based organizations. Nation-state actors have demonstrated greater proficiency in exploiting these vulnerabilities, possibly due to overlapping state-sponsored cyber operations and mandatory reporting laws.
Dynamic Link Library (DLL) Abuse
Rundll32 and DLL file techniques are employed to execute payloads, escalate privileges, and evade defenses. USB DLL infections, delivering the Gamarue malware/botnet family, have been particularly prevalent. Despite being an older threat vector, USB infections remain effective, as demonstrated by recent cases involving Gamarue and Raspberry Robin. This tactic, often overlooked, continues to be a significant threat due to its ability to bypass security measures through removable storage devices.
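Because rundll32.exe is a legitimate, signed Windows binary, the defensive question is not whether it runs but what DLL it is asked to load, from where, and on behalf of which parent process. The following Python routine is an added example, not code from the article or from Cisco, Deloitte, or any other source it cites. It triages constructed process-creation records (a simple key=value|key=value line format loosely modelled on the fields a Sysmon-style process-creation event carries; the format, the removable drive letters, and the list of trusted DLL directories are all assumptions) and flags rundll32 invocations that load a DLL from removable media or from outside the usual system directories, or that are spawned by an Office application.

```python
"""Triage of process-creation records for rundll32/DLL abuse.

Added example, not from the article or any product it mentions.
Assumptions (constructed for this example): the record format, the set of
removable drive letters, and the directories treated as trusted DLL sources.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Directories from which rundll32 is ordinarily expected to load DLLs (assumption).
TRUSTED_DLL_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Drive letters that map to removable media on this host (constructed assumption).
REMOVABLE_DRIVES = {"d:", "e:", "f:"}

# Parent processes from which a rundll32 launch is unusual (assumption).
SUSPICIOUS_PARENTS = ("\\winword.exe", "\\excel.exe", "\\outlook.exe")

# First .dll path on the command line, whether quoted or bare.
DLL_ARG_RE = re.compile(r'"([^"]+?\.dll)"|(\S+?\.dll)', re.IGNORECASE)


@dataclass
class ProcessEvent:
    image: str
    command_line: str
    parent_image: str


@dataclass
class Finding:
    event: ProcessEvent
    reasons: List[str] = field(default_factory=list)


def parse_event(line: str) -> ProcessEvent:
    """Parse one constructed 'Key=Value|Key=Value' process-creation record."""
    fields = dict(part.split("=", 1) for part in line.strip().split("|"))
    return ProcessEvent(fields["Image"], fields["CommandLine"], fields["ParentImage"])


def dll_from_command_line(cmd: str) -> Optional[str]:
    """Return the DLL path rundll32 was asked to load, or None if there is none."""
    m = DLL_ARG_RE.search(cmd)
    return (m.group(1) or m.group(2)) if m else None


def assess(event: ProcessEvent) -> Optional[Finding]:
    """Apply the rundll32 checks to one event; None means nothing to report."""
    if not event.image.lower().endswith("\\rundll32.exe"):
        return None
    reasons: List[str] = []
    dll = dll_from_command_line(event.command_line)
    if dll is None:
        reasons.append("rundll32 launched without a DLL argument")
    else:
        low = dll.lower()
        if low[:2] in REMOVABLE_DRIVES:
            reasons.append(f"DLL loaded from removable drive: {dll}")
        elif not low.startswith(TRUSTED_DLL_DIRS):
            reasons.append(f"DLL outside trusted directories: {dll}")
    if event.parent_image.lower().endswith(SUSPICIOUS_PARENTS):
        reasons.append(f"spawned by Office application: {event.parent_image}")
    return Finding(event, reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Run assess() over every non-empty record and collect the findings."""
    findings = []
    for line in log_text.splitlines():
        if line.strip():
            result = assess(parse_event(line))
            if result:
                findings.append(result)
    return findings


# Constructed sample records: one benign Control Panel launch, one DLL on a
# removable drive, one Temp-directory DLL spawned by Word, one unrelated process.
SAMPLE_LOG = """\
Image=C:\\Windows\\System32\\rundll32.exe|CommandLine=rundll32.exe C:\\Windows\\System32\\shell32.dll,Control_RunDLL|ParentImage=C:\\Windows\\explorer.exe
Image=C:\\Windows\\System32\\rundll32.exe|CommandLine=rundll32.exe E:\\Recycler\\update.dll,Start|ParentImage=C:\\Windows\\explorer.exe
Image=C:\\Windows\\System32\\rundll32.exe|CommandLine=rundll32.exe "C:\\Users\\alice\\AppData\\Local\\Temp\\inv.dll",DllMain|ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE
Image=C:\\Windows\\System32\\notepad.exe|CommandLine=notepad.exe report.txt|ParentImage=C:\\Windows\\explorer.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.event.command_line)
        for r in f.reasons:
            print("   -", r)
```

The benign shell32.dll launch produces no finding, which is the point of anchoring the rule on DLL location and parent rather than on rundll32 itself; in a real deployment the trusted-directory and removable-drive lists would come from host inventory, and a DLL on removable media would normally be escalated regardless of its name.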
Targeting of Cloud Services
Cloud environments, especially Software-as-a-Service (SaaS) and cloud-based storage services, were major targets in 2023. SaaS attacks accounted for 39% of cloud-related incidents, while cloud storage services were targeted in 36% of cases. These attacks frequently result in data breaches, affecting 39% of businesses impacted by cloud-based threats. Threat actors increasingly use valid accounts to gain initial access, contributing to 43% of cloud intrusions. Challenges include unmanaged attack surfaces, human error, and misconfigurations within cloud infrastructure, exacerbated by the use of non-human credentials such as API keys and service accounts.
Business Email Compromise (BEC)
Business Email Compromise (BEC) saw a significant increase in 2023, with the FBI’s Internet Crime Complaint Center (IC3) reporting $51 billion in losses from 2013 to 2022. BEC attacks surpassed malware delivery in the first half of 2023, rising by 55% compared to the latter half of 2022. Additionally, Vendor Email Compromise (VEC) increased by 137% within the financial services sector. VEC attacks exploit compromised vendor email accounts to craft convincing impersonations and fraudulent requests, often bypassing employee vigilance and spam filters by mimicking legitimate business communications.
Top Cyber Threats to Know
#Threat 1 Ransomware
Ransomware is a form of malware that encrypts files on a victim’s computer or network, rendering them inaccessible until a ransom is paid. Victims face the threat of permanent data loss or exposure if the ransom is not met. LockBit is a prominent ransomware variant, responsible for over 25 percent of posts on data leak sites. In February 2024, an international law enforcement task force temporarily disrupted LockBit’s operations. However, the group quickly resumed its activities, employing new servers and encryptors, underscoring the resilience and persistence of ransomware threats in the cybersecurity landscape.
#Threat 2 Information Stealers
Information stealers, a growing cyber threat, are designed to extract personal and financial data from infected systems. These malicious programs capture keystrokes, steal browser data such as passwords and cookies, and exfiltrate files. A prominent example is Redline, first identified around 2020, which targets stored passwords, credit card information, cryptocurrency wallets, VPN credentials, and more. Delivered via email, malvertising campaigns, or exploit kits, Redline has been increasingly used by cybercriminal groups targeting the gaming community. These attackers often use fake Web3 gaming lures to infiltrate both macOS and Windows systems, making information stealers a significant risk in today’s digital landscape.
#Threat 3 Remote Access Trojans (RATs)
Remote Access Trojans (RATs) are a type of malware that grants attackers full control over infected devices, enabling them to carry out a range of malicious activities. One of the earliest known RATs, Gh0st RAT, has been used in targeted espionage campaigns since 2009. Known for its stealth and the difficulty of detecting it, it has evolved over the years. In 2023, a new variant called “SugarGh0st” emerged, targeting the Uzbekistan Ministry of Foreign Affairs and users in South Korea. SugarGh0st is a customized version of Gh0st RAT, featuring modified commands and communication protocols, highlighting the adaptability and persistent threat posed by RATs in modern cyber espionage campaigns.
#Threat 4 Advanced Persistent Threats (APTs)
Advanced Persistent Threats (APTs) are highly sophisticated and targeted cyberattacks, often orchestrated by state-sponsored groups or well-funded cybercriminals. These threats aim to steal sensitive information or disrupt operations within specific organizations or nations. APTs are known for their persistence, often remaining undetected in networks for extended periods. Cisco Talos Threat Intelligence recently identified “TinyTurla-NG,” a new threat developed by the Russian cyber espionage group Turla. This backdoor, similar in style and functionality to Turla’s previous implant, “TinyTurla,” is designed as a last-resort access point when other unauthorized entry methods have been detected or failed. The persistence and complexity of APTs make them one of the most formidable threats in the cybersecurity landscape.
#Threat 5 Botnets
Botnets represent a significant cybersecurity threat, consisting of networks of infected computers, or “bots,” controlled remotely by a threat actor known as a “botmaster.” These compromised systems can be used to carry out various malicious activities, including launching Distributed Denial-of-Service (DDoS) attacks, sending spam, stealing data, and spreading additional malware. Botnets operate without the knowledge of the computer owners, making them a pervasive and dangerous tool in cybercriminal arsenals.
#Threat 6 Droppers
Droppers are a specialized form of malware designed to deliver and install additional malicious software onto a target system. While the dropper itself may not directly cause harm, it plays a critical role in evading detection and establishing a foothold within the system. Once in place, the dropper discreetly downloads and executes other harmful programs. An example is “xHelper,” a dropper that emerged in 2019, targeting Android devices. Notorious for its persistence, xHelper could reinstall itself even after manual removal attempts or factory resets, allowing it to download and install other malicious applications capable of various nefarious activities.
#Threat 7 Trojans
Trojans are a form of malware that deceives users by posing as legitimate software. Once installed, they enable cybercriminals to spy on victims, steal sensitive data, and gain unauthorized access to systems. Qakbot is a prime example of a sophisticated Trojan, known for stealing banking credentials and personal information. Over time, Qakbot has evolved with enhanced evasion and propagation techniques. It can spread across networks by exploiting vulnerabilities and using brute force attacks on account credentials, making it a significant threat to corporate networks. Trojans remain a pervasive and adaptable threat in the cybersecurity landscape, continually evolving to bypass defenses and compromise sensitive data.