Top Cybersecurity Threats in 2024

As malware evolves and advances, information security analysts must stay one step ahead. This creates a cat-and-mouse game in which threat actors hold the advantage, yet defenders have the home-field advantage. Knowledge is crucial in this race. This blog post will teach you about the most common attacks and significant security incidents.

Types of attacks

  • Social engineering is manipulating, influencing, or deceiving a victim to gain information, control a computer, or steal personal and/or financial information.

  • Ransomware is a type of malware designed to encrypt all personal files until a ransom is paid.

  • Supply chain attacks use trusted third-party tools or services to infiltrate a target system or network.

  • Malware (malicious software) is designed to disrupt, damage, or gain unauthorized access to a computer or network.

  • Adversary-in-the-middle (AitM) attacks are cyberattacks in which an attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other.

Social engineering

In 2013 and October 2015, Rimasauskas is said to have defrauded his corporate victims. His victims included Google and Facebook, which he conned out of $100 million.

“Forged invoices, contracts, and letters that falsely appeared to have been executed and signed by executives and agents of the Victim Companies, and which bore false corporate stamps embossed with the Victim Companies’ names, were used in furtherance of the fraudulent scheme orchestrated by Evaldas Rimasauskas, the defendant. Rimasauskas caused these fraudulent documents to be submitted to banks in support of the large volume of funds that were being transmitted via wire transfer into the [Facebook] bank accounts” (Margolin & Biase, 2019).
— Justice.gov

Even Fortune 500 companies can fall victim to phishing attacks.

 

Ransomware

On April 01, 2024, Omni Hotels experienced a nationwide IT outage caused by Daixin ransomware threat actors. In a statement on its website, Omni said the impacted data may include customer names, emails, mailing addresses, and select guest loyalty program information.

Omni stated that the impacted data does not include sensitive information such as personal payment details, financial information, or Social Security numbers.

 

Supply Chain

AT&T has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders (AT&T Addresses Recent Data Set Released on the Dark Web, 2024).
— AT&T

AT&T's supply chain attack was caused by not using multi-factor authentication on one of their Snowflake accounts, which allowed an attacker to log in and exfiltrate account data.

 

Adversary-in-the-middle (AitM)

In 2023, researchers at the Ruhr University Bochum in Germany discovered a way to manipulate sequence numbers during the handshake process to compromise the integrity of the SSH channel. Named the Terrapin attack, it requires the attacker to be in an AitM position to intercept and modify the handshake exchange. It affected around 11M instances (by unique IP).

More reading on this attack:

https://terrapin-attack.com/

https://www.bleepingcomputer.com/news/security/nearly-11-million-ssh-servers-vulnerable-to-new-terrapin-attacks/

 

References

AT&T Addresses Recent Data Set Released on the Dark Web. (2024, March 30). About.att.com. https://about.att.com/story/2024/addressing-data-set-released-on-dark-web.html

CISA. (2023). Defining Insider Threats. Cybersecurity and Infrastructure Security Agency (CISA). https://www.cisa.gov/topics/physical-security/insider-threat-mitigation/defining-insider-threats

Margolin, J., & Biase, N. (2019, December 19). Lithuanian Man Sentenced To 5 Years In Prison For Theft Of Over $120 Million In Fraudulent Business Email Compromise Scheme. Justice.gov. https://www.justice.gov/usao-sdny/pr/lithuanian-man-sentenced-5-years-prison-theft-over-120-million-fraudulent-business


