Cybersecurity Threats: Identity Attacks and Non-malicious Software

Cybersecurity threats have become even harder to detect and prevent in 2024 according to the latest report from Crowdstrike.[1] Among the latest findings:

Threat actors can move laterally across a system in under one (1) minute after gaining access to the network;
Voice solicitation, or “vishing”, attacks are up over 400% between the first and the second half of 2024; and,
AI generated attacks have allowed for more sophisticated attacks to take place.

But two statistics stood out as compared to the others. First, attackers are using legitimate credentials to gain access to organizations. This access occurs through “brokers” who specialize in the initial access to organizations. Providing access to systems through brokers was up over 50% compared to the year before. The re-sale of access means the initial theft or compromise of credentials may not immediately take place. A user who clicks on a suspicious link, without any resulting consequences may not report the incident. The harmful attack may be delayed and independent of the compromise.

Second, to gain an initial foothold in an organization threat actors in the past have relied upon sending malware embedded in emails. Malware is usually part of a convincing social engineering campaign. Once a user is convinced as to the legitimacy of the email, the download or execution of the malware provides the initial access to the network.

In the latest findings, over 79% of the attacks do not use malware to gain a foothold in the organization. The attackers are finding and exploiting more vulnerabilities in systems. The vulnerability allows the attackers to gain an initial foothold without having to rely on malware.

Percentage of detections that were malware-free, 2019 – 2024.

Conclusions

In conclusion, the Crowdstrike report highlights the evolving and increasingly sophisticated nature of cybersecurity threats. With attackers leveraging and exploiting system vulnerabilities rather than relying solely on malware, organizations need to adopt more comprehensive and proactive security measures. Organizations need to monitor and upgrade or patch vulnerable systems quickly.

Also, the significant rise in use of brokers to facilitate access underscores the importance of vigilance and robust identity protection strategies. It is crucial for organizations to stay ahead of these threats by educating users on recognizing and responding to potential attacks.