Mid-year Threat Landscape Roundup: What You Need to Know

The many factors that influence the threat landscape make predicting its path nearly impossible. But as security professionals, observing attack trends can help us anticipate shifts and respond from a position of strength. As a community we tend to take stock of trends and observations at the end of the calendar year, yet as the landscape is ever evolving, a mid-year assessment seems appropriate.  

What’s old is new again 

While much can be said about increasingly sophisticated attacks, it isn’t necessarily a technique that makes an attack novel. Instead, we’re seeing old techniques refashioned in new attack methods.  These techniques are carefully leveraged in a way that eludes most detection and response systems.  

Take malware as one example. Malware continues to be pervasive, which won’t come as a surprise to most. However, what may be surprising is its pace — according to a recent report from Thales, malware stands out as the fastest-growing threat of 2024, with 41% of enterprises witnessing a malware attack in the last 12 months. 

Success can largely be attributed to increasingly popular and undetectable tactics used to deliver malware, like new variants of IDAT Loader, steganography techniques and infostealers like Chae$ 4.1, which Morphisec’s researchers have identified and documented.  

Equally prevalent this year is vulnerability exploitation, which remains one of the top three techniques attackers use to gain access to an organization. The Verizon 2024 Data Breach Investigations Report notes a 180% increase in the exploitation of vulnerabilities as the critical path to initiate a breach. So far, more than 17 thousand CVEs (Common Vulnerabilities and Exposures) have been published.  

Vulnerabilities aren’t new; however, attackers are finding creative ways to apply them, thanks to the fact that most organizations struggle to keep up with patching. In fact, recent research indicates that organizations typically have the capacity to address only one out of every 10 vulnerabilities in their environment in any given month. 

2024 trend highlights 

Malware and vulnerability prioritization are just two trends Morphisec researchers have profiled in their mid-year threat landscape roundup report. Read on to see eight more trends that make up the top 10: 

1. Ransomware — Prolific groups like LockBit, BlackCat/ALPHV and Akira, continue to successfully collect ransom on a global scale. One in three ransomware attacks results in eventual payment, Global ransom collection has exceeded $1billion, and the overall economic impact is estimated to exceed $30 billion. The frequency of ransomware attacks remains steady, accounting for nearly 25% of data breaches, yet ransom payment amounts have slightly decreased in 2024, as threat actors are seeking ease of payouts, versus targeting large organizations.
2. BEC Attacks — Business email compromise (BEC) is a form of phishing attack where a criminal attempts to trick a senior executive (or budget holder) into transferring funds or revealing sensitive information. According to the FBI’s 2023 Internet Cyber Crime Report, BEC was the second-costliest crime last year, accounting for over USD $2.9 billion in losses.  Morphisec researchers have observed a trend of increased BEC attempts against target organizations, yet interestingly transaction amounts associated with BEC attacks have slightly declined over time. 
3. Generative AI — Generative AI is now utilized in many technologies and leveraged by both attackers and defenders, increasing attack risk and augmenting attack response. 
4. Vulnerability Prioritization — According to the Verizon 2024 Data Breach Investigations Report more than half of reported breaches and ransomware attacks now leverage vulnerabilities. Decentralized security in M&A situations and supply chain compromises like AnyDesk are significant threats that will continue through this year. 
5. Credential Theft — Credential theft continues to increase in popularity and frequency; it’s now one of three primary methods used to penetrate environments. 2023 saw a significant increase in the number of info-stealers and the level of sophistication they employ.  
6. Endpoint Detection and Response (EDR) Bypass — EDR is industry standard in most organizations, yet breach and incident volumes remain high as these solutions struggle against advanced and unknown attacks. In fact, EDR bypass methods are well documented; on average 30% of attacks bypass EDR and next-gen anti-virus solutions. 
7. Regulatory Change — Continued amendments to reporting timeline refinements from federal and industry-focused regulators, particularly with respect to AI will ripple through to security teams and the defense tools they use. A recent executive order proposes AI usage guideline improvements this year, with more guidance planned for rollout in 2025.
8. Device Security Management — Overall device security and associated risk prioritization and mitigation remains challenging. Blocking access to unmanaged devices is critical to risk management, but hard to achieve with limited resources. Evasive techniques like hijack execution flow, reflective code loading, and fileless and in-memory attacks are successfully bypassing industry standard detection-based solutions.  
9. Risk Mitigation — Attack surface expansion continues to affect overall risk. Risk mitigation strategy is evolving across three distinct categories: understanding the source of risk, prioritizing risk reduction, and preventing risk. Varying degrees of risk tolerance require different approaches and solutions. For example, maintaining a dedicated solution for ransomware mitigation, separate from other security controls, can appropriately gauge and mitigate risk. Adopting enhanced capabilities through solutions like Adaptive Exposure Management from Morphisec can illuminate blind spots in the environment. With improved visibility, actionable insights and tailored recommendations, security leaders can elevate their organization’s security posture with holistic exposure management, thereby effectively managing risk on a continuous basis. 
10. Technology Innovation — It’s not all bad news; emerging technology is helping defenders adopt a more proactive stance. A basic premise of military strategy proposes that a moving target is harder to attack than a stationary one — attackers can’t target what they cannot see. Moving target defense, or Automated Moving Target Defense (AMTD), uses strategies that orchestrate movement or changes in IT environments across the attack surface to increase uncertainty and complexity for attackers. This is a significant advantage for defenders.   

Download the 2024 Mid-year Threat Landscape Roundup to get more details on these observations and to access actionable takeaways you can use to navigate these trends through the rest of the year and beyond.