Security Navigator 2024 Report summary: What have we learned?

Security Navigator 2024 Report Summary: What have we learned?

---

This article is an excerpt from the Security Navigator 2024 Report, released in December 2023. Download a copy of the full 180-page research report at: https://www.orangecyberdefense.com/za/security-navigator

Cyber threats have constantly been evolving, with attackers trying to get past defences to achieve their goals, be it for financial gain, political motives or various other reasons.

Our teams are always on the lookout for new and emerging trends. Let’s summarise four main key take aways learnt from this past year.

Firstly, one of the most striking trends we notice is the rising number of ransomware victims. Unfortunately, cyber extortion (Cy-X) attacks are still highly profitable for criminals – though hopefully that will change as organisations find ways to be more resilient.

Hacker groups active for multiple years are still behind a large number of attacks. However, and additionally, numerous new and younger groups have recently appeared in the ecosystem: they take advantage of ransomware strains that are leaked on cyber criminal forums. Thanks to that, they flourish quickly with much lesser effort.

We have noticed an uptick in international co-operation among security industry and law enforcement to try to take down such “historical” groups (Ragnar Locker, Qakbot, Snake –from Turla, to name but a few). In the cyber security world, without borders, international co-operation is key: without it, there's not much which can be done. Unfortunately, even when infrastructures are seized, it isn't uncommon to see the same group back in business a few weeks or months later under a new name.

We've even noticed more vigilante "group versus group" actions, as the example of the attack on the Trigona group, led by hacktivists from the Ukrainian Cyber Alliance. This politically driven attack successfully disrupted the illegal activities of the Russian-based ransomware gang. With the current geopolitical climate, it wouldn't be surprising to record similar attacks in the future.

A second persistent trend in 2023: the number of detected vulnerabilities has continued to strongly increase. Hackers quickly exploit technical and human flaws (through phishing attacks, for instance), so this increase is concerning. And what has been particularly true in 2023 is the increase of exploits using the infamous 0-days (with no patch or correction yet available from the software maker as they are unaware of their existence).

Unfortunately, the confirming trend is that vulnerabilities (among which 0-days) are used as attack vectors even more quickly and more intensively. The defender’s patching response time is crucial in preventing a breach. And in the case of openly disclosed 0-days breaches, it is becoming increasingly important for solution providers to release security fixes as fast as possible.

The third trend in 2023 is related to hacktivism behavioural changes increasingly conflictual global geopolitical climate. Whereas 2022 was shaped by cyber hacktivism linked to the war against Ukraine, with a relatively easy to follow and political-only approach by belligerents on both sides, the Hamas-Israel war has sparked many individual, loose and moving, politically driven initiatives across the globe, which will probably contribute to more disruptions in the cyber world in years to come. These actions are also increasingly aiming to promote fear or to influence public opinion with exceptional levels of disinformation flourishing online.

Moreover, cyber warfare, another consequence of the world’s conflictual evolution, has also evolved this year: sabotage, through wipers, to destroy an enemy’s data is way less popular among nation state threat actors, in favour of espionage operations. In some cases, attacks have been conducted to try to influence elections in other countries, and in others we can even notice alliances between nation states (exchanging cyber expertise for weapons, for instance).

The picture that is drawn here might seem a bit bleak, but the silver lining is that this analysis is the fruit of years of gathering intelligence on the cyber threat – and in this world, knowledge is power.

The last and positive trend I would like to end this summary on is around the defenders’ resiliency: cyber threats are growing and evolving, but cyber defenders, as shown in this Security Navigator, are also learning, adapting and innovating to meet these threats head on.

The fight against threats requires awareness and best practice adoption within your own organisation.

Together, we (can) build a safer digital society.

For more insights and analysis into the global threat landscape, download your free copy of the Security Navigator 2024 Report at: https://www.orangecyberdefense.com/za/security-navigator.