Cybersecurity Trends: Insights from the 2024 Unit 42 Incident Report

20 Feb 2024, unit42.paloaltonetworks.com

The 2024 Unit 42 Incident Response Report highlights a transformative shift in cybersecurity threats. Through data from over 250 organizations, the report reveals a significant evolution in attack methods and targets.

Key Takeaways

  1. The percentage of phishing-related incidents has dropped dramatically from one-third of cases in 2022 to just 17% in 2023.
  2. "A majority of incidents involved threat actors exfiltrating as much data as they could find rather than seeking specific information," the report stated.
  3. "Marketplaces for stolen credentials remain vibrant, despite coordinated takedown efforts between law enforcement and private industry," the authors remarked, suggesting that this avenue is likely to persist as a major cyber threat.

In its recently released 2024 Unit 42 Incident Response Report, Palo Alto Networks unveiled a comprehensive analysis of evolving security threats faced by organizations today. The report, based on data from over 250 organizations and more than 600 significant incidents, emphasizes a notable change in the tactics employed by cybercriminals.

"Threat actors are increasing their speed, scale and sophistication – and that requires rapid, comprehensive and proactive defense," said the Unit 42 team, illustrating the urgent need for organizations to adapt to this changing landscape. As they analyzed incident data, Unit 42 highlighted how the dynamics of cybercrime have shifted in the past year.

A striking observation from the report is the increased exploitation of internet-facing vulnerabilities, which served as the primary initial access vector in 39% of cases. This marked a notable rise from just 28% in the previous year, indicating that attackers are homing in on weaknesses in online infrastructures. Furthermore, the use of compromised credentials continues to pose a significant risk, aligning with shifting behavior patterns in cybercriminal tactics.

"We saw phishing less often used to drop malware, but it remains a tool in many intrusion techniques, including exploiting IT support and password reset processes, as well as session token theft," explained the report, indicating that while specific tactics may be declining in prevalence, they still play a role in various methods of intrusion.

In a broader context, the report notes a transition towards more opportunistic behavior among threat actors. "A majority of incidents involved threat actors exfiltrating as much data as they could find rather than seeking specific information," the report stated. This shift towards rapid, wholesale data collection underscores attackers' prioritization of speed and scale in their operations, moving away from targeted assaults.

Another intriguing change highlighted by Unit 42 is the evolving methods of achieving initial access. Cybercriminals seem to be shifting strategies, particularly regarding phishing. The percentage of phishing-related incidents has dropped dramatically from one-third of cases in 2022 to just 17% in 2023. "This reduction signals a possible de-prioritization of phishing as cybercriminals adapt to more technologically advanced – and perhaps more efficient – infiltration methods," noted the report.

However, as phishing recedes, other methods are gaining traction. The use of previously compromised credentials as an initial access point surged from 12.90% to 20.50% over the same timeframe. Furthermore, this trend goes back two years, during which the prevalence of compromised credentials has soared by over five times. "Marketplaces for stolen credentials remain vibrant, despite coordinated takedown efforts between law enforcement and private industry," the authors remarked, suggesting that this avenue is likely to persist as a major cyber threat.

By the Numbers

In addition to credential-related breaches, the report indicates a worrying uptick in the exploitation of software and API vulnerabilities, which accounted for 38.60% of initial access points in 2023. This statistic underscores the pressing need for organizations to bolster their defenses in these areas.

The overall implications of these trends necessitate a heightened awareness within the cybersecurity community. The Unit 42 team emphasized that businesses must not only adapt their existing defenses but also understand the broader landscape of threat tactics that are evolving at an unprecedented pace. "Data theft is now automated, with vulnerability exploitation becoming more streamlined," they concluded.

As we move further into 2024, organizations must grasp these insights and re-evaluate their cyber strategies. Continuous adaptation and proactive measures will be paramount in combating the evolving threat landscape, as the report clearly illustrates the need for vigilance in a world where cybercriminal tactics are on the rise.
