- Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS)
continue to dominate the threat landscape
- Email phishing remains a top threat, with 17.8 million phishing
emails detected between December 2023 and July 2024, and 62%
bypassing DMARC checks designed to safeguard against unauthorized use
- Emergence of new threats such as Qilin ransomware and increased
exploitation of edge infrastructure vulnerabilities

CAMBRIDGE, United Kingdom, Aug. 6, 2024 /PRNewswire/ -- Darktrace, a
global leader in cybersecurity AI, has
today released its "First 6: Half-Year Threat Report 2024,"
identifying key threats and attack methods facing businesses across
the first half of 2024. These insights, observed by Darktrace's
Threat Research team using its unique Self-Learning AI across its
customer fleet, shed light on the persistent nature of cyber
threats and new techniques adopted by attackers attempting to
sidestep traditional defenses.
"The threat landscape continues to evolve, but new threats often
build upon old foundations rather than replacing them. While we
have observed the emergence of new malware families, many attacks
are carried out by the usual suspects that we have seen over the
last few years, still utilizing familiar techniques and malware
variants," comments Nathaniel Jones,
Director of Strategic Threat and Engagement at Darktrace. "The
persistence of MaaS/RaaS service models alongside the emergence of
newer threats like Qilin ransomware underscores the continued need
for adaptive, machine learning powered, security measures that can
keep pace with a rapidly evolving threat landscape."

Cybercrime-as-a-Service continues to pose significant risk for organizations

The findings show that cybercrime-as-a-service continues to
dominate the threat landscape, with Malware-as-a-Service (MaaS) and
Ransomware-as-a-Service (RaaS) tools making up a significant
portion of malicious tools in use by attackers.
Cybercrime-as-a-Service groups, such as Lockbit and Black Basta,
provide attackers with everything from pre-made malware to
templates for phishing emails, lowering the barrier to entry for
cybercriminals with limited technical knowledge.
The most common threats Darktrace observed from January to
June 2024 were:
- Information-stealing malware (29% of early triaged
investigations)
- Trojans (15% of investigated threats)
- Remote Access Trojans (RATs) (12% of investigated threats)
- Botnets (6% of investigated threats)
- Loaders (6% of investigated threats)

The report also reveals the emergence of new threats alongside
persistent ones. Notable among these is the rise of Qilin ransomware,
which employs refined tactics such as rebooting infected machines in
safe mode to bypass security tools, making it more difficult for
human security teams to react quickly.
Per the report, double extortion methods are now prevalent
amongst ransomware strains. As ransomware continues to be a top
security concern for organizations, Darktrace's Threat Research
Team has identified three predominant ransomware strains impacting
customers: Akira, Lockbit and Black Basta. All three have been
observed using double extortion methods.

Email phishing and sophisticated evasion tactics rise

Phishing remains a significant threat to organizations.
Darktrace detected 17.8 million phishing emails across its customer
fleet between December 21, 2023, and July 5, 2024. Alarmingly, 62% of
these emails successfully bypassed Domain-based Message
Authentication, Reporting, and Conformance (DMARC) verification
checks, which are industry protocols designed to protect email
domains from unauthorized use, and 56% passed through all existing
security layers.
The report highlights how cybercriminals are embracing more
sophisticated tactics, techniques and procedures (TTPs) designed to
evade traditional security parameters. Darktrace observed an
increase in attackers leveraging popular, legitimate third-party
services and sites, such as Dropbox and Slack, in their operations
to blend in with normal network traffic. Additionally, there's been
a spike in the use of covert command and control (C2) mechanisms,
including remote monitoring and management (RMM) tools, tunneling,
and proxy services.

Edge infrastructure compromise and exploitation of critical vulnerabilities are top concerns

Darktrace observed an increase in mass-exploitation of
vulnerabilities in edge infrastructure devices, particularly those
related to Ivanti Connect Secure, JetBrains TeamCity, FortiClient
Enterprise Management Server, and Palo Alto Networks PAN-OS. These
compromises often serve as a springboard for further malicious
activities.
It is imperative that organizations do not lose sight of
existing attack trends and CVEs – cybercriminals may resort to
previous, predominately dormant methods to trick organizations.
Between January and June, in 40% of cases investigated by the
Threat Research team, attackers exploited Common Vulnerabilities
and Exposures (CVEs).
For more in-depth analysis, download the First 6: Half-Year
Threat Report 2024 at
www.darktrace.com/resources/first-6-half-year-threat-report-2024.

ABOUT DARKTRACE

Darktrace (DARK.L), a global leader in cybersecurity artificial
intelligence, is on a mission to free the world from cyber
disruption. Breakthrough innovations from our R&D teams in
Cambridge, UK, and The Hague, Netherlands have resulted in over
200 patent applications filed. Rather than study historic attacks,
Darktrace's technology continuously learns and updates its
knowledge of your business data and applies that understanding to
help transform security operations to a state of proactive cyber
resilience. The Darktrace ActiveAI Security Platform™ provides a
full lifecycle approach to cyber resilience that can autonomously
spot and respond to known and unknown in-progress threats within
seconds across the entire organization, including cloud, apps,
email, endpoint, network and operational technology (OT).
Darktrace, which listed on the London Stock Exchange in 2021,
employs over 2,400 people around the world and protects over 9,700
customers globally from advanced cyber threats. To learn more,
visit https://darktrace.com/.
SOURCE Darktrace