Express Computer

Securonix threat labs 2024 annual Autonomous Threat Sweeper (ATS) intelligence insights


Over the past 12 months, ATS has analysed and codified over 1,900 emerging threats, encompassing more than 56,000 TTPs and IoCs. Our efforts in investigating over 780 potential threats and addressing over 117 significant threat incidents have been crucial in maintaining the security posture of our client base during this period. The operational efficiency achieved by the ATS team has led to an estimated average of 324 hours saved per month this year, demonstrating both proactivity and effectiveness.

  • Emerging and Evolving Threats: Cyberattackers are increasingly exploiting vulnerabilities in widely used technologies, such as Ivanti Connect Secure VPN and GlobalProtect VPN (CVE-2024-3400). Attackers are also evolving their tactics, as evidenced by LockBit ransomware’s use of new encryptors and by sophisticated phishing attacks from groups like TA4903 targeting the US government and small businesses.
  • Targeted Campaigns and Nation-State Actors: Chinese state-sponsored hackers continue to target defense and government entities, using ScreenConnect and F5 bugs to gain unauthorised access. New advanced persistent threat (APT) groups like Actor240524 have emerged, focusing on healthcare and financial sectors. Additionally, the DEEP#GOSU and PHANTOM#SPIKE campaigns are increasingly aimed at high-value organisations for espionage.
  • Cloud and Malware Techniques: Cybercriminals are exploiting cloud services for malware distribution, utilising Unicode tricks to deceive users and evade security filters. Meanwhile, new techniques like DLL sideloading are being employed to inject malicious code into legitimate software, making detection and mitigation harder.
  • Advanced Backdoors and Malware: New threats like the SUBTLE-PAWS PowerShell backdoor in Ukraine and the EDRKillShifter malware are advancing in complexity. These tools disable security mechanisms like endpoint detection and response (EDR) and antivirus, giving attackers undetected access to networks.
  • Disruptions and Vulnerabilities in Critical Infrastructure: Notable disruptions, such as the CrowdStrike outage, highlight the vulnerabilities in cloud-based security solutions. Additionally, vulnerabilities like the FortiJump bug and the SLOW#TEMPEST campaign (DLL path traversal vulnerability) underscore ongoing risks in critical infrastructure sectors, especially in telecommunications and defense.

Securonix Threat Research 2024
The year 2024 saw a diverse range of cyberattack campaigns and vulnerabilities, highlighting an ongoing evolution of attack techniques, threat actor sophistication, and the targeted sectors. Key trends included advanced phishing campaigns, PowerShell and VBScript-based malware, as well as the exploitation of vulnerabilities in widely used platforms. Threat groups employed obfuscation, social engineering, and novel tools to bypass detection and gain persistent access to compromised systems. For a summarised overview of the notable campaigns and tactics identified by Securonix Threat Research.

Notable events such as the LockBit ransomware resurgence, the Snowflake breach, and the CrowdStrike crash underscore the vulnerability of even well-established cybersecurity infrastructures. Additionally, the exploitation of critical vulnerabilities in widely used platforms like Ivanti Connect Secure, Palo Alto Networks PAN-OS, and VMware further emphasised the importance of timely patching and vulnerability management.

APT groups, particularly from North Korea and newly emerging actors like Actor240524, have intensified their operations, employing highly targeted spear-phishing, credential theft, and malware campaigns to steal sensitive information, disrupt organisations, and achieve geopolitical or financial objectives.

  • Timely Patching and Vulnerability Management: Ensure that all critical systems and software, such as Ivanti Connect Secure, Palo Alto Networks PAN-OS, and VMware, are promptly patched to mitigate exploitation risks. Apply patches as soon as they are released and continuously monitor for new vulnerabilities.
  • Multi-Factor Authentication (MFA): Enforce MFA across all systems, especially for remote access and high-value accounts, to significantly reduce the impact of stolen credentials, as seen in the Snowflake breach.
  • Advanced Threat Detection Tools: Implement advanced endpoint detection and response (EDR) solutions that can identify and block sophisticated attacks like DLL sideloading, PowerShell-based malware, and obfuscated payloads. Regularly update and fine-tune these tools to keep pace with evolving attack techniques.
  • Employee Training and Awareness: Regularly educate employees on the dangers of phishing, social engineering, and malicious attachments. Encourage vigilance when interacting with unsolicited emails or unfamiliar links, especially those disguised as official communications.
