Financially motivated threat actors – including ransomware crews – remain the single biggest source of cyber threat in the world, accounting for 55% of active threat groups tracked during 2024, up two percentage points on 2023 and 7% on 2022, demonstrating that crime really does, to a certain extent, pay.
At least, this is according to Google Cloud's Mandiant, which has this week released its latest M-Trends report, an annual, in-depth deep dive into the cyber security world.
The dominance of cyber crime is not in and of itself a surprise, and according to Mandiant, cyber criminals are among the more complex, diverse, and tooled-up threats in the process.
“Cyber threats continue to trend towards greater complexity and, as ever, are impacting a diverse set of targeted industries,” said Mandiant Consulting EMEA managing director, Stuart McKenzie.
“Financially motivated attacks are still the leading category. While ransomware, data theft and multifaceted extortion are and will continue to be significant global cyber crime concerns, we are also tracking the risk in the adoption of infostealer malware and the developing exploitation of Web3 technologies, including cryptocurrency.”
McKenzie added: “The increasing sophistication and automation offered by artificial intelligence are further exacerbating these threats by enabling more targeted, evasive, and widespread attacks. Proactively gather insights to stay ahead of these trends and implement processes and tools to continuously collect and analyse threat intelligence from diverse sources.”
The most common means for threat actors to access their victim environments last year was by exploiting disclosed vulnerabilities – 33% of intrusions began in this way worldwide, and 39% in EMEA. In second place was the use of legitimate credentials obtained by deception or theft, seen in 16% of instances, followed by email phishing in 14% of incidents, web compromises in 9%, and revisiting prior compromises in 8%.
The landscape in EMEA differed slightly from this, with email phishing opening the doors to 15% of cyber attacks, and brute force attacks 10%.
Once ensconced within their target environments and able to get to work, threat actors took a global average of 11 days to establish the lay of the land, conduct lateral movement, and line up their final course. This period, known in the security world as dwell time, was up approximately 24 hours on 2023, but down significantly on 2022, when cyber criminals hung out for an average of 16 days. Anecdotal evidence suggests that technological factors including, possibly, the adoption of AI by cyber ne'er-do-wells, may have something to do with this drop.
Interestingly, median dwell times in EMEA were significantly higher than the worldwide figure, clocking in at 27 days, five days longer than in 2022.
When threat actors were discovered inside someone's IT estate, the victims tended to learn about it from an external source – such as an ethical hacker, a penetration testing or red teaming exercise, a threat intelligence organization like Mandiant, or in many instances an actual ransomware gang – in 57% of cases. The remaining 43% were discovered internally by security teams and so on. The EMEA figures differed little from this.
Nation-State Threats: Noisy but Less Impactful
Nation-state threat actors, or advanced persistent threat (APT) groups, create a lot of noise and generate a lot of attention in the cyber security world by dint of the lingering romance associated with spying and, in more practical terms, the fractious global geopolitical environment.
However, compared to their cyber criminal counterparts, they represent just 8% of threat activity, which is actually a couple of percentage points lower than it was two years ago.
Mandiant tracked four active advanced persistent threat (APT) groups in 2024, and 297 unclassified (UNC) groups – meaning not enough information is really available to classify them, so this could include potential APTs.
Indeed, there is significant overlap in this area, and Mandiant has on occasion upgraded some groups to full-fledged APTs – such as Sandworm, which now goes by APT44 in its threat actor classification scheme.
APT44 is one of the four active APTs observed in 2024. Infamous for its attacks on Ukrainian infrastructure in support of Russia's invasion, APT44 has long supported the Kremlin and was involved in some of the largest and most devastating cyber attacks to date, including the NotPetya incident.
Also newly designated in 2024 was APT45, operating on behalf of the North Korean regime and described by Mandiant as a “moderately sophisticated” operator active since about 2009.