Each year, cybersecurity companies publish a number of research
reports focusing on different aspects of cybersecurity and breach
trends. Below is a list of some of the most alarming statistics from
several reports published throughout the year from various companies.
++
Bitdefender researchers found that 40% of Halloween-themed spam is malicious and urge
the public to be on alert, as Halloween marks the start of the holiday scam season
for cybercrime. Bitdefender researchers expect online shopping scams to continue
to increase through December.
Additional key findings include:
- Halloween-themed spam
rose 18% between Oct. 1-16, compared to the entire month of September.
- 71% of the spam is
hitting U.S. inboxes followed by Germany (9%) and the UK (5%).
- Walmart, Costco, Aldi,
and other major brands are being used as lures.
++
A
recent survey from Extreme Networks found that security is an ongoing
challenge for CIOs and senior IT leaders.
- 58% of respondents said
managing and securing new devices being added to the network was one of
their top three complexities.
- 57% ranked protecting
the network against potential threats as one of their top three challenges.
- 40% cite that their
biggest concern with AI is keeping data secure.
++
Earlier this year, Zerto partnered with IDC to conduct a ransomware and disaster preparedness survey. The report highlights the significant challenges faced by organizations relying solely on backup for disaster recovery.
A few of the scary survey findings include:
- Backup-related issues are the number one cause of data loss, responsible for 32% of incidents.
- Organizations reported an average of 4.2 data disruptions per year requiring an IT response, including one ransomware attack and one internal attack per year on average.
- 48% of organizations that paid a ransom did so despite having valid backups, with the most common reasons being a desire for a speedier recovery or minimized data loss.
- Only 20% of ransom-payers were able to fully recover their data after payment, creating a "worst of both worlds" situation.
++
Deepfakes are now a major cybersecurity threat, with 36% of IT and security leaders witnessing these attacks first-hand, according to Keeper Security’s global 2024 Insight Report. A staggering 95% of respondents reported that cyber attacks are becoming more sophisticated, and many feel unprepared to combat threats like deepfake technology (30%) and AI-powered attacks (35%). As cybercriminals leverage AI to rapidly scale and refine their tactics, the tools in their arsenals are growing more frightening and destructive.
Here are some more scary stats to consider:
Source: 2024 Keeper Security Insight Report, The Future of Defense: IT Leaders Brace for Unprecedented Cyber Threats. Findings are based on a survey of more than 800 IT and security leaders around the globe.
- 92% of respondents reveal they've seen an increase in cyber attacks year-over-year
- 95% of IT leaders say that cyber attacks are more sophisticated than ever – and they are unprepared for this new wave of threat vectors
- 51% of security leaders identify AI-powered attacks as the most serious threat facing their organizations
- 84% of respondents said that phishing and smishing have become more difficult to detect with the rise in popularity of AI-powered tools
- 73% of respondents report experiencing a cyber attack that resulted in monetary loss
- 52% of survey respondents shared that their company's IT team struggles with frequently stolen passwords, underscoring the importance of creating and safely storing strong, unique passwords for every account.
++
Imperva's
Threat Research Team released findings that offer an
inside look at a surge in AI-driven attacks targeting retailers ahead of the
holiday season. Imperva found that retail sites are experiencing 569,884
AI-driven attacks daily on average and, with peak shopping season around
the corner, these attacks will only continue to increase. Here are a few scary stats:
- On Black Friday alone,
the number of ATO attacks spiked by 85%, compared to a 66% increase on
Black Friday 2022
- 82% rise in malicious
login requests between October and November
- The
retail industry suffers from some of the most persistent bot problems,
with a high ratio of advanced bad bot traffic at 58%
- Evasive Bad Bots make up 70% of
all bad bot traffic to retail websites vs. 51% on other websites
++
Object First recently released research revealing the impact of ransomware attacks on
organizations' data.
- 93% agree immutable, zero trust backup storage is a must-have in today's
threat landscape
- 44% say it has taken one or more months to recover backup data
- Outdated backup technology (34%), lack of backup data encryption (31%), and failed
data backups (28%) are the top vulnerabilities to attacks
- 84% say they need better backup security to meet regulations and compliance
obligations
++
According to Orca’s recent State of AI Security Report, 56% of companies are using AI to build custom applications with broad exposure to API keys, excessive access permissions, and misconfigurations. This statistic is particularly alarming as it highlights a systemic issue in how the majority of organizations are approaching AI without regard for security. This widespread neglect underscores the urgent need for organizations to prioritize robust security measures in their AI initiatives to safeguard against the cascading effects of an increased attack surface.
Orca's report also found that years after the discovery of Log4Shell, 59% of all organizations have vulnerable assets and 0.6% of all public-facing assets are vulnerable. Many of these workloads have been deployed since 2021's discovery of the very exploitable vulnerability, showing that even the worst vulns continue to slip through into production.
++
A recent Traceable AI study engaged over 150 cybersecurity professionals across
the U.S., diving into the growing concern of security breaches against the
backbone of modern financial services and APIs.
A few of the key survey findings include:
- Detecting and preventing
unauthorized access to accounts (35%), sensitive data exfiltration
(33%), and identifying API vulnerabilities (30%) are the top
concerns for financial organizations.
- 82% of
financial organizations express moderate to extreme concern about
complying with federal financial regulations (FFIEC, OCC, CFPB) in
relation to their API inventory and security posture.
- Data loss and brand
reputation damage (both 41%) are the top consequences of
API-related breaches, followed by financial loss (36%) and customer
attrition (35%).
++
The 2024 Specops Breached Password Report found that even the strongest
passwords can become compromised through password reuse and data breaches,
underscoring the importance of scanning your environment for breached passwords.
- 123456 was the most
common compromised password found in KrakenLab's new list of breached
cloud application credentials
- 31.1 million analyzed
breached passwords were over 16 characters in length - showing longer
passwords aren't safe from being breached
- Only 50% of
organizations scan for compromised passwords more than once a month
++
Protegrity's The State of Data Security Optimization and Monetization report findings show that the cost and
complexity of data compliance is hampering business innovation:
- Only 2% of organizations can access sensitive data in less than a week.
- 69% of organizations are waiting over a month to access data, sometimes
between 3-6 months.
- Nearly half (49%) of
respondents are planning to invest up to 15% of their IT budgets on data
security.
- While 84% of
respondents stated they are either fully or somewhat prepared to meet PCI
compliance requirements, 2% of respondents
admitted to being completely unprepared, 14% said they are somewhat unprepared
and 46% of respondents were only somewhat prepared.
++
VulnCheck published its State of Exploitation - A Peek into 1H-2024 Vulnerability Exploitation report.
The research revealed that over half (58%) of CVEs confirmed as exploited
in the wild for the first time were weaponized before exploitation
was disclosed. The study also found that CISA added only 18% of
vulnerabilities with known evidence of exploitation to its KEV catalog during
the first half of 2024.
Key findings include:
- VulnCheck sourced evidence of 390 vulnerabilities
that were identified for the first time as being exploited in the wild
in 1H 2024, approximately 432% more than those captured by CISA
KEV in the same time period
- The most at-risk product categories for newly exploited
vulnerabilities include: Network Edge Devices,
CMS, Open Source Software, Server Software, and Operating Systems
- 53 zero-day vulnerabilities, with exploitation evidence
available at or before the public disclosure of the vulnerabilities
(accounting for 13.6% of the KEVs added to the VulnCheck KEV
catalog)
- 70% of vulnerabilities had one or more POC available
prior to exploitation disclosure
++
Halcyon published its Ransomware and Data Extortion Business Risk Report,
revealing the significant impact on businesses from ransomware attacks and data
exfiltration over the past 24 months. The report found that 66% of
organizations infected by ransomware were infected at least twice,
and 18% of organizations were infected 10 or more
times.
Key findings include:
- Nearly two-thirds (60%) of respondents said that
sensitive or regulated data was exfiltrated from their organization
- More than half (55%) reported the attackers issued an
additional ransom demand to protect the exfiltrated data
- 62% of organizations hit by ransomware reported a major
disruption in operations, with 38% saying operations were disrupted for at
least two months to more than six months
- Nearly one-in-five (17%) indicated network remediation
(incident response only) cost their organization more than $50 million,
15% said it ran between $5-9 million, and 14% said between $1-4 million
More than half (57%) said the attacks will have a negative impact long-term on their
organization's operations, competitiveness, profitability
or overall viability.
++
According to Securin, cyberattacks against water
and wastewater systems are on the rise.
- Vulnerability
/ misconfiguration exploitation (27.5%)
- Exploit
of public-facing application (15%)
- External
remote services (15%)
- Compromised
credentials (10%)
These numbers indicate that
threat actors don't need to rely on sophisticated attack mechanisms. They're
going after the low-hanging fruit and internet-exposed assets with known,
persistent vulnerabilities. For example, Cyber Av3ngers exploited Unitronics
PLCs vulnerability CVE-2023-6448 to target the Municipal Water Authority of
Aliquippa last year.
Water and wastewater utilities especially need to pay attention to their IT and OT
convergence. These interconnected systems control critical infrastructure.
Vulnerabilities in the IT integration can expose vital operations to
cyberattacks, potentially disrupting services and compromising public safety.
To counter threat actors, constant awareness, analysis and action are needed.
++
JFrog commissioned
InformationWeek to conduct a survey
of over 200 IT and cybersecurity professionals predominately located in North
America to gain a deeper insight into AI adoption as well as MLSecOps best
practices.
Key findings of the JFrog-sponsored study show that most
companies are reticent to roll out enterprise AI systems due to:
- Gaps in AI/ML security: An
overwhelming majority of firms (79%) say security concerns are slowing
their use of AI/ML by the business and/or the integration of AI/ML
features into the software they make.
- Limited visibility into
AI/ML software supply chains: Nearly 70% of companies can't detect the
origin of AI source code, 67% are unable to track AI-related open-source
dependencies and 49% can't control ML model usage.
- No single source of truth
for regulatory and compliance needs: Nearly two-thirds (64%) of
organizations lack full confidence in their ability to meet emerging AI
regulatory standards in software development.
- Widespread lack of AI
governance: More than half (60%) of companies lack policies for
sourcing or licensing training data and 58% of companies are missing a
governance framework for AI developers.
++
Cyware 2024 Threat Intelligence and
Collaboration Survey:
- 70 percent of organizations strive but fail to
successfully share threat intelligence information across security teams
and platforms.
- 91 percent of respondents said collaboration and
information sharing are very important or absolutely crucial for
cybersecurity.
- More than half (53 percent) said their
organization does not currently utilize their industry sector's
Information Sharing and Analysis Center (ISAC) or leverage its near
real-time threat data.
- More than a quarter of respondents (28 percent)
were unaware of the existence and role of ISACs.
- Nearly half (49 percent) reported that their
organization struggles to derive actionable insights across multiple
security tools such as threat intelligence platforms, SIEM, asset
management, and vulnerability management platforms.
- 70 percent said their organization could share
more threat intelligence, while only 23 percent said they are currently
sharing the right amount of information and just 2 percent believe their
organization shares too much threat intel.
- Asked which teams are least likely
to share useful threat intelligence with other departments, 31 percent
said DevOps, 17 percent said Security Ops, 16 percent said Threat
Intelligence, and 15 percent said IT Ops.
++
VISO TRUST State of Third Party Risk Management in 2024: AI's Impacts & Future Trends:
The report leverages VISO TRUST Platform-derived data which includes profiles
of more than 2.4 million companies, and surveyed insights from CISOs, security,
and TPRM professionals across various industries.
Drawbacks of Legacy Third Party Risk Management approaches:
- Inadequate responses: Approximately 75% of vendors responding to legacy questionnaire
approaches requiring manual input either ignore or delay crucial risk
assessments.
- False positives: Conventional cyber risk ratings yield a 90% false positive rate, undermining
their reliability.
AI-Driven Impacts on Third Party Risk Management:
- Efficiency gains: AI-assisted modern TPRM programs reduce vendor and partner assessment timelines
from months to days.
- Near-complete coverage: AI and automation achieve almost 100% coverage of third-party
networks.
- Significant increase in true positives: data analysis revealed a 500% rise in accurate risk
identifications.
- Faster assessments: Risk evaluation times have decreased from 60 to 90 days to just
five to eight days.
- Enhanced accuracy: AI-driven methods refine risk assessment precision.
++
Mark43 has conducted regional surveys in California, Massachusetts, and Florida, revealing the fears of local residents regarding cyberattacks:
- Nearly three quarters (73%) of California residents are worried about cyberattacks impacting the way police manage data and records. (source)
- Pressing concerns about cyberattacks include:
  - full emergency system outages, leading to delayed 911 response (60%),
  - the risk of confidential data being exposed (54%), and
  - loss of trust in public safety (45%).
- More than half (53%) of Massachusetts residents fear their local first responders’ duties could be affected by cyberattacks, and 60% worry about emergency systems going down and affecting 911 response times. (source)
- The majority (62%) of Florida residents are worried about the possibility of emergency systems crashing due to cyberattacks, ultimately affecting response times. (source)
++
A recent survey by Lineaje revealed alarming gaps in readiness
regarding the U.S. Cybersecurity & Infrastructure Agency's (CISA) Secure
Software Development Attestation Form. Only 20% of businesses were
confident they would meet the initial compliance deadline of June 11, 2024.
Key findings from the survey included:
- 84% of
organizations have not implemented Software Bills of Materials
(SBOMs) in their development processes, despite EO 14028 mandating their
use since May 2021.
- Over 2,700
organizations in the U.S. were impacted by software supply chain
attacks in 2023, marking the highest incidence since 2017.
- The number of affected
companies has surged by 58% in the past year, highlighting the
urgent need for compliance with EO 14028.
- 65% of
respondents reported being unaware of EO 14028, and among
those familiar, approximately 50% do not know its specific
requirements.
- Security vulnerabilities
are the primary concern for 56% of respondents, followed by
compliance issues at 22%.
- Nearly 60% of
companies utilize open-source software components, but only 16% feel
confident in their security.
- 45% of
organizations cited budget constraints as a significant barrier
to compliance, while 36% pointed to staffing shortages.
These findings underscore the critical need for organizations to
enhance their cybersecurity measures and ensure compliance with evolving
regulations to mitigate the risks of software supply chain attacks, lest they
find themselves haunted by the ghosts of breached data and lost trust.
++
Art Gilliland, CEO of Delinea, shared:
- Gaps in
identity security are the most common cause of cyber incidents that result
in insurance claims.
- Frequency
of cyber insurance claims remains high - 62% have filed a claim in the
last 12 months with over 27% filing multiple claims
- Identity
and privilege compromises account for nearly half (47%) of attacks that
lead to insurance claims
- Insurance companies want
evidence of identity security before even granting a policy, with 41% requiring
authorization controls. And requirements don't stop after policies are granted.
You must maintain effective security controls if you expect claims to be paid
++
Anetac - 2024 Identity Security Posture Management
(ISPM) Survey Report
- Visibility epidemic: 44% of IT security professionals
rely on manual logging for service account visibility, while 10% admit to
no visibility measures at all. Meanwhile, 47% depend on static tools,
potentially missing real-time security threats.
- Hybrid account misuse: 75% of organizations report the
dangerous practice of using service accounts as human accounts or vice
versa, blurring the lines between automated processes and individual user
actions. Hybrid account misuse happens both on-premises and in the cloud.
- Company assets at risk: A significant 76% of IT security
professionals acknowledged that their service accounts have direct access
to the company's crown jewels, the most critical and sensitive assets.
However, 40% reported that only 0-14% of their service accounts have such
high-level access.
- Prolonged password rotation cycles: An alarming 53% of security
professionals take 13 weeks or more to rotate service account passwords,
with 35% extending this period to 16 weeks or beyond. Even more
concerning, 3% of respondents admit to rotating these critical passwords
only once every 1-5 years.
++
Keyfactor's 2024 PKI & Digital Trust Report
Earlier this year, Keyfactor and VansonBourne released new research revealing the scary
truths of a rapidly evolving digital landscape marked by the proliferation of
machine identities within organizations, the increasing use of Generative AI
technology, the growing threat of Post Quantum and the widespread adoption of
IoT devices. The report found:
- The
escalating volume of certificates used by the average organization is
outpacing their ability to manage, with 91% of organizations reporting
deploying greater volumes of cryptographic keys and digital certificates,
compared to 74% in 2023 and 61% in 2021.
- While
99.8% of organizations reported having a machine identity strategy in
place to help them manage certificate sprawl, and 55% believe their
strategy is fully mature, 93% reported experiencing challenges with
implementation, and 72% believed machine identity management is
problematic to their organization, showcasing a false sense of confidence.
- This proliferation of devices is having a negative impact on
organizations. The average organization experienced nine
certificate-related incidents over the past 12 months. On average, it
takes 2.6 hours to identify a certificate-related outage and
another 2.7 hours to remediate it, with an average of 8 staff members
directly involved in response and remediation during a typical outage
caused by a certificate-related incident.
- With the looming threat of quantum computers, which are capable of breaking
some of the most widely-used security protocols in the world
today, 80% of organizations report they are concerned about their
ability to adapt cryptography to this threat. While post-quantum
cryptography (PQC) readiness holds promise as a solution, 95% of
organizations are encountering obstacles in the process of getting ready
for PQC, reporting bottlenecks including:
  - Limited budget and resources for PQC implementation (45% report this as a primary
  challenge)
  - Integration challenges with existing security infrastructure (44% report this as a
  primary challenge)
  - Difficulty in finding skilled personnel for PQC adoption (43% report this as a
  primary challenge)
++
DataDome's Global Bot Security Report 2024
Bots present
an array of scary challenges for businesses. DataDome's 2024 Global Bot
Security Report found an increase in both the quantity and sophistication of
bot-driven attacks. Other scary findings include:
- 2
out of 3 organizations are unprotected against simple bot attacks.
- Advanced
bots were detected less than 5% of the time.
- Fraudsters
increasingly use more advanced frameworks and strategies, moving away from
older, easier-to-detect technologies.
- AI
advancements have drastically reduced the effectiveness of traditional
CAPTCHA defenses. Now bots can solve CAPTCHAs quickly and at a low cost.
- The
health, luxury and e-commerce sectors are the least protected industries
from bot attacks.
- Fake Chrome bots remained the most difficult simple bot to detect,
leaving businesses vulnerable to layer 7 DDoS attacks, account fraud, and
more.
++
Global SASE Report | Xalient
Xalient has recently released its Global
Research Report, Why SASE is the Blueprint for
Future-Proofing Your Network in 2025 and Beyond, which surveyed 700 IT,
network and security leaders from organizations with 2,000+ employees from the
UK, US & Canada, and Benelux. It finds that organizations are struggling to
keep up with the evolving threat landscape and this is a primary driver for
Secure Access Service Edge (SASE) adoption.
Key findings include:
- 99% of organizations have
experienced a security attack in the last 12 months
- 44% of these attacks are a
result of a remote or hybrid worker
- 82% are struggling to recruit
and retain specialist security skills
The research also found a key challenge facing
respondents is finding, recruiting, and retaining specialist security skills to
protect their organization from new and growing threats that impact the
networks.
++
Recent findings from Jumio's 2024 Online Identity Study reveal growing concern
among Americans about the political influence AI and deepfakes may have during elections.
- 72% of American consumers are worried about the
potential for AI and deepfakes to influence upcoming elections.
- U.S. consumers feel deepfakes undermine trust in
politicians and media, with 70% reporting increased skepticism in
the content they see online, compared to the last election.
- Only 46% of global consumers believe they could
easily spot a deepfake of a political figure or celebrity. This drops to
37% in the U.S. and confidence wanes by age group, with only 22% of
Americans age 55 or older trusting their ability.
++
Skybox Security's
survey findings highlight a disparity between the
perceived effectiveness of network and security team collaboration and the
actual results.
- 81% of decision-makers perceive their current
collaboration levels as effective and 82% report successful
information-sharing practices.
- Despite formal processes, over a third of
respondents report that their organization's security posture has been
negatively impacted by miscommunication between network and security teams
to a certain or large extent.
- Almost half (45%) of organizations have experienced
miscommunications that resulted in delays in reporting or addressing
security incidents in the last 12 months.
++
With the rapid adoption
of AI technology into the cybersecurity sector, Swimlane's recent report illuminates the risks associated with AI
adoption.
- 74% of cybersecurity leaders are aware of
individuals at their organization inputting sensitive data into a
public LLM, even though 70% of organizations have specific
protocols in place when it comes to what data is shared in a public
LLM.
- 51% of respondents say they are starting to feel fatigued
by the constant focus on AI.
++
SecurityScorecard's
recent reports reveal the increased risks associated with third parties
and supply chains.
++
Cofense's Annual Report
highlights the growing threat of malicious emails bypassing Secure Email
Gateways (SEGs):
- There was a 104.5% increase in the number of
malicious emails bypassing SEGs, with a 67% increase in volume of
credential phishing in 2023
- 90% of data breaches in 2023 started with phish
++
Verve, a Rockwell
Automation company, highlights the growing challenges for industrial
organizations in its latest ICS Advisory Report with the flood of new ICS
vulnerabilities each year.
- The number of industrial control systems (ICS)
advisories published each year on CISA's ICS-CERT site has stayed
consistent (an increase of 1 advisory [less than 1%] over
2022).
- However, the number of common vulnerabilities and
exposures (CVEs) contained in those advisories increased dramatically by
28%.
- A good portion of the vulnerabilities could be used
to impact the critical manufacturing sector (42%). Almost half of all the
reported vulnerabilities could affect more than one sector (49%).
- 50% of ICS advisories were reported by researchers
while only 44.5% were reported by the company.
++
Menlo Security: The Continued Impact of Generative AI on Security Posture
- In the last half of
2023, the research team observed an 80% increase in attempted file uploads
to generative AI websites.
- In a 30-day period in Q1
2024, 55% of the data loss prevention events detected by Menlo Security
included attempts to input personally identifiable information into
generative AI platforms.
Menlo Security: 2023 State of Browser Security Report
- In the second half of
2023, Menlo Labs Threat Research team observed a 198% increase in
browser-based phishing attacks compared to the first half of the year.
- When specifically
looking at attacks classified as "evasive," the researchers observed a
206% increase. Evasive attacks utilize a range of techniques meant to
evade traditional security controls including SMS phishing (smishing),
Adversary in the Middle (AITM) frameworks, image-based phishing and brand
impersonation or Multi-Factor Authentication (MFA) bypass.
++
SlashNext: 2024 Mid-Year Assessment on the State of Phishing
- Fueled by AI-generated
attacks, SlashNext researchers observed a 341% increase in malicious
phishing link, BEC, QR Code and attachment-based email and multi-channel
messaging threats in the first half of 2024.
- Since the launch of
ChatGPT in November 2022, SlashNext researchers observed a 4,151% increase
in malicious phishing messages sent.
++
Ontinue: 1H 2024 Threat Intelligence Report
- In Q1 alone, there were
8,967 published CVE records, with over 13,400 more awaiting publication.
However, the most widely published vulnerabilities aren't always the ones
most exploited.
- At the start of 2024, we
witnessed a surge in zero-day vulnerabilities affecting Ivanti products,
with 3 of them still actively exploited today. This highlights the
critical importance for organizations to stay aware of the software and
hardware they use, ensure timely patching, and subscribe to vendor
security bulletins. Patching once a month or quarter is no longer
sufficient to maintain adequate security.
- In 2024, the
Manufacturing & Industrial sector has emerged as the most targeted
industry, with its share of attacks rising from 20% in 2023 to 41% this
year.
++
Salt: State of API Security Report 2024
The threat of API attacks is
growing, and traditional methods aren't advanced enough to keep up with the
rapidly-evolving digital landscape.
- 95%
of organizations experienced security problems in production APIs within
the last 12 months, with 23% suffering breaches as a result of API
security inadequacies.
- Over
one-third (37%) of the respondents, who all have APIs running in
production, reported they do not have a current API security strategy in
place.
- The number of APIs organizations have in their sprawl increased by 167% in the
past year.
- Only
21% of the respondents believe that their current security approaches are
effective in preventing API attacks.
- The
number of reported API incidents has more than doubled since 2023 from 17%
to 37%.
- Despite
growing API traffic, only 7.5% of organizations have implemented dedicated
API testing and threat modeling programs.
++
Auvik: 2024 IT Trends Industry Report
- On
average, 29% of network and SaaS related IT tasks are still done mostly or
completely manually.
- Only
35% of IT technicians indicated they were highly confident that their
organization's network toolset meets the needs of remote workers, but 90%
support at least some level of remote work.
++
Bugcrowd: 2024 Inside the Mind of a Hacker Report: Insights on AI, Hardware Hacking, and
Cybersecurity Trends
- AI has opened up a new
attack vector in organizations. In a survey of 1,300 ethical hackers, 82%
of hackers believe that the AI threat landscape is evolving too fast to
adequately secure. 93% of hackers agree that companies using AI tools have
created a new attack vector
- The report illuminated
the rise of a surprising trend: the increasing prominence of hardware
hacking. In the past 12 months, 81% of hardware hackers encountered a new
vulnerability they had never seen before, and 64% believe that there are
more vulnerabilities now than a year ago.
- In response to the rise
of AI, 83% of hardware hackers are now confident in their ability to hack
AI-powered hardware and software, indicating a new potential avenue for
exploitation.
++
Critical Start: H1 Threat Intelligence Report
This Halloween season, a new breed of cyber threats casts an ominous shadow:
deepfakes and scareware. Deepfakes (AI-generated digital apparitions) mimic
voices, faces, and even full video sequences with unsettling accuracy, making
it nearly impossible to discern between friend and foe. Cybercriminals exploit
these highly convincing forgeries to deceive people and organizations,
resulting in:
- 3,000% Surge in Deepfake Fraud Attempts: In 2023 alone, the number of deepfake fraud attempts
has risen by a staggering 3,000%, raising significant concerns among
cybersecurity professionals.
- 6.5% of All Fraud Cases: Deepfakes now haunt 6.5% of all fraud cases, undermining trust and
creating confusion in various sectors.
- $1 Trillion in 2024: The financial specter of deepfake fraud is projected to reach $1 trillion
globally in 2024, posing a serious challenge for organizations unprepared
for this growing threat.
Meanwhile, scareware lurks in the
shadows, using social engineering to spook users into reckless clicks and
downloads. Disguised as urgent pop-up warnings or critical updates, scareware
tricks victims into stepping into its trap, leading them to malicious sites or
tempting them to download malware masked as must-have software. These sinister
strategies are growing more devious, so individuals and businesses must
remain vigilant and enhance cybersecurity defenses and awareness to counter these
insidious threats before they can strike.
++
XM Cyber: Navigating the Paths of Risk: The State of Exposure Management in 2024
- In May, XM Cyber
released its third annual State of Exposure Management Report, produced in
collaboration with the Cyentia Institute, which found that identity and
credential misconfigurations represent a staggering 80% of security
exposures across organizations, with one-third of these directly
endangering critical assets, making them prime targets for attackers to
exploit.
- The report highlights
that while only 2% of exposures occur at choke points (locations
where multiple attack paths intersect), these points are disproportionately
dangerous, as they give attackers broad access to key systems.
Organizations with poor security posture face six times more exposures
(30,000) than high-performing peers (5,000). Businesses must focus on
securing these choke points to close the most critical attack paths and
efficiently mitigate risk.
- The report also showed
that cloud environments are not exempt from the risk of exposure - 56%
of critical asset exposures are in cloud platforms, with 70% of
organizations vulnerable to attackers traversing from on-premise networks
to cloud systems. Alarmingly, attackers can compromise 93% of critical
assets in these cloud environments within just two hops.
++
Darktrace: First 6: Half-Year Threat Report 2024
- Darktrace detected 17.8
million phishing emails across its customer fleet between December 21,
2023, and July 5, 2024. Alarmingly, 62% of these emails
successfully bypassed DMARC verification checks, which
are industry protocols designed to protect email domains from unauthorized
use, and 56% passed through all existing security layers.
- The report also revealed
that double extortion ransomware is on the rise. As
ransomware continues to be a top security concern for organizations,
ransomware strains like Akira, Lockbit, and Black Basta are all adopting
double extortion tactics, where data is exfiltrated within 12
hours of encryption, and victims are threatened with exposure
unless the ransom is paid. This increases pressure on victims and
complicates defenses against ransomware attacks.
++
Oasis Security: 2024 ESG Report: Managing Non-Human Identities
This Halloween, the real scare
lurking in the shadows isn't ghosts; it's Non-Human Identities (NHIs). NHIs such
as service accounts, tokens, access, and API keys often linger unmonitored,
making them prime targets for cyber threats.
- In fact, 46% of organizations have confirmed breaches through NHIs, according to
recent research from analyst firm Enterprise Strategy Group.
- Alarmingly, NHIs outnumber human
users on average by a factor of 20x in modern enterprise.
- As NHIs multiply at an alarming
rate, 52% of companies expect their count to rise by over 20% in the
coming year, according to the same report. In response, 83% of
organizations are planning to increase their spending on non-human
identity security, though many still struggle to effectively manage this
expanding attack surface.
++
Zimperium: Mobile Phishing Attacks Targeting Enterprises Surge, Zimperium Researchers Find
- 82% of phishing sites
now target mobile devices, highlighting how cybercriminals are
increasingly adopting a "mobile-first" attack strategy
- Financial services organizations saw
68% of their mobile threats attributed to sideloaded apps. In fact, zLabs
researchers found that mobile users who engage in sideloading are 200%
more likely to have malware running on their devices than those who do not.
APAC outpaced all regions in sideloading risk, with 43% of Android devices
sideloading apps.
- The report found over 87K malware
samples detected a month, which is a 13% increase Y-o-Y, and 80% more
spyware samples detected on enterprise devices.
Zimperium: Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware
- Mobile security researchers at Zimperium are releasing intel
on a new variant of the FakeCall malware. FakeCall employs a technique
known as Vishing (voice phishing), in which fraudulent phone calls or
voice messages are used to deceive victims into disclosing sensitive
information. This new variant has the ability to capture information
displayed on a screen using the Android Accessibility Service. The variant
is showing a strategic evolution in mobile security - evasive cyberattacks
are now the new normal, as cybercriminals are becoming more sophisticated
in their mobile phishing attacks.
++
Here are a few scary stats from Fortra's various threat research teams.
- $76,910.30 was the average amount of fraudulent wire transfers in blocked BEC attacks in 2024.
- This year, 27.02% of BEC phishing attacks were linked to credential theft scams.
- Fortra identified 2,142 fraudulent bank accounts in online attacks in 2024.
- The average amount requested by wire transfer peaked in January 2024 at $159,747.77.
- The number of counterfeit sites online and on social channels increased 50% from Q1 to Q2 of this year.
++
Radware - the company's First Half 2024 Global Threat Analysis Report highlighted a surge in high-intensity, volumetric attacks, marked by a growing emphasis on attacking application infrastructure. Malicious activity continues to be driven by worldwide geopolitical tensions.
- In the first half of 2024, Web DDoS attacks surged globally 265% compared to the second half of 2023.
- Application-Layer DNS DDoS attack activity quadrupled, compared to the first half of 2023
- North American online applications and APIs shouldered 66% of web attacks
- EMEA organizations faced more than 90% of web DDoS attacks
- Finance organizations experienced 44% of network-layer DDoS attacks
- Average DDoS volume blocked per organization grew by 293% in EMEA, 116% in the Americas, and 302% in APAC, compared to the same period in 2023.
++
CrowdStrike's 2024 Global Threat
Hunting Report, which offers an in-depth look into the adversary landscape,
uncovered:
- Cloud intrusions
increased by 75% overall, with cloud-conscious cases amplifying 110%
year-over-year.
- The average
breakout time for eCrime intrusion activity decreased from 79 minutes
in 2022 to 62 minutes in 2023, leaving defenders only an hour's worth of
time to minimize the cost and damage caused by the intrusion.
CrowdStrike's 2024 Threat Hunting Report, which
details findings on sophisticated eCrime threats and novel nation-state
campaigns, found:
- Adversary use of
Remote Monitoring and Management (RMM) tools increased by 70%, and 27% of
all interactive intrusions leveraged RMM tools.
++
Normalyze's Solving Enterprise Data Complexity with Data Security
Posture Management whitepaper uncovered:
- One-fourth of
businesses don't know where their sensitive data is (26% of respondents
suspect they've lost sensitive data)
- More than 60% of
sensitive data resides on public cloud services today, and it is expected
to increase to 68% within 24 months.
++
DTEX Systems's 2024 Insider Risk Investigations Report, which
sheds light on the growing threat of foreign interference leveraging insider
attack tactics, uncovered:
- 62% of insider
incidents attributed to nation-states involve malicious insiders
- 87% of these
incidents leverage legitimate access
- 78% of
nation-state-sponsored insider incidents involve data exfiltration
- 57% of these
incidents involve the sabotage of critical systems
++
Bitwarden's 2024 Cybersecurity Pulse Survey, which sheds
light on the latest cybersecurity trends and current threats facing global IT
and cybersecurity decision-makers, uncovered:
- 63% find it
moderately or very challenging to maintain a strong security posture as
more employees use generative AI tools
- 46% of
respondents reported receiving a phishing scam posing as their bank, 41%
as their financial institution, and 36% as a government entity
++
Coalition's 2024 Cyber Claims Report, which provides a
firsthand look at the latest cyber risks and claims trends impacting
policyholders, uncovered that:
- Ransomware
severity increased 68%, resulting in an average loss of $353k.
- Ransomware, Funds
Transfer Fraud, and Business Email Compromise accounted for nearly 75% of
all reported claims.
- Coalition clawed
back $10.8 million with an average recovery of $208k
++
Lookout's Mobile Threat Landscape Report: Q2 2024, which analyzed more than
315 million mobile apps and app versions, found:
- More than 40% of
iOS vulnerabilities disclosed in the last 18 months have had a CVSS score
of 7/10 or greater
- There was an
increase in phishing/malicious sites from 10,540,000 in Q2 2023 to
17,870,000 in Q2 2024.
- There was a
discovery of 80,400 malicious apps on enterprise devices in Q2
++
Barracuda Networks' Cybernomics 101 report, which uncovers the financial
forces driving cyberattacks, found:
- 71% of the
respondents experienced a ransomware attack in the last year, and
alarmingly, 61% of those affected chose to pay the ransom
- 50% of respondents
believe AI will enable hackers to launch more attacks
- 39% believe their
security infrastructure is adequately equipped to protect against
GenAI-powered security attacks.
++
Rapid7's Ransomware Radar Report, which provides a comprehensive
analysis of ransomware incidents recorded globally, uncovered:
- More than 2,570
ransomware incidents in the first half of 2024, an average of 14
publicly-claimed daily incidents.
- Within the year's
first half, Rapid7 observed 21 new ransomware groups entering the
scene.
- 68 ransomware
groups made a total of 2,611 leak site posts between January and June,
representing a 23% increase over the number of posts made in the first
half of 2023.
++
Splunk's State of Security 2024: The Race to Harness AI Report, which
analyzed how security teams are navigating generative AI, uncovered
that:
- 52% of respondents
experienced a data breach.
- 86% say the
current geopolitical climate contributes to their organization being
targeted more.
- 48% experienced
cyber extortion, making it more popular than ransomware itself.
++
Proofpoint's 2024 Ponemon Healthcare Cybersecurity Report, which
analyzes the cybersecurity threats against healthcare facilities, uncovered
that:
- 92% of
organizations surveyed experienced at least one cyberattack in the past 12
months, an 88% increase from 2023.
- 69% of
organizations say they're vulnerable to a cloud/account compromise, 69%
say their organizations have already suffered from a cloud/account
compromise
- 69% of healthcare
organizations report a disruption to patient care from cyberattacks
++
Rubrik Zero Labs "The State of Data Security: Measuring Your Data's Risk" report
Ransomware produces outsized impacts on healthcare organizations as they grow
in sensitive data.
- Rubrik observed that healthcare organizations
secure 22% more data than the global average.
- A typical healthcare organization has more than
42 million sensitive data records - 50% more sensitive data than the
global average of 28 million.
- Ransomware attacks against observed healthcare
organizations have an estimated impact of almost five times more sensitive
data than the global average.
- This equates to an estimated 20% of a typical
healthcare organization's total sensitive data holdings impacted every
time there is a successful ransomware encryption event, compared to 6% for
an average organization.
- The typical 8.4 million impacted sensitive data
records in a single successful ransomware attack represents a 20% loss of
a healthcare organization's total sensitive data holdings.
- Virtualization really matters for healthcare
and ransomware: 97% of all encrypted data in Rubrik observed healthcare
organizations last year occurred within virtualized architecture compared
to 83% across all industries.
The cloud is targeted with more frequency, and more success, than its
on-premises counterparts, with blind spots that make it difficult to defend,
including:
- Blind spot #1: 70% of all data in a typical
cloud instance is object storage. Object storage represents a common blind
spot for most security appliances because it's typically not machine
readable by these same technologies.
- Blind spot #2: 88% of all data in object
storage is either text files or semi-structured files, such as CSV, JSON,
and XML.
- Blind spot #3: More than 25% of all object stores contain data covered by regulatory
or legal requirements, such as protected health information (PHI) and
personally identifiable information (PII).
++
HYPR’s State of Passwordless Identity Assurance report
This report uncovers vital insights into identity threats and trends based on interviews with 750 IT security professionals spanning various geographies and sectors. Shocking statistics make it clear that the digital jungle demands stronger, faster, and smarter identity solutions. Identity assurance is more than just a security measure; it’s a vital foundation for building a resilient and adaptable future.
- 91% of respondents claim credential misuse or authentication weakness as the cause of a breach—up from 82% in 2022, yet 99% of respondents rely on legacy authentication methods that remain vulnerable to these threats
- 69% of companies were breached through authentication processes, which is unsurprising as most employees use four different types of authentication methods
- 86% of financial organizations faced identity-based cyberattacks
- 67% of respondents deployed new identity tools or changed their authentication methods following a breach and 33% neglected to act
- 89% of IT professionals believe passwordless security is the ultimate shield, yet over half (53%) continue to rely on vulnerable username / password methods
++
According to OpenText Cybersecurity's 2024 Global Ransomware Survey:
Respondents are overwhelmingly concerned about supply chain attacks. Those who reported a ransomware attack this year were more likely to report that it came from their supply chain.
- Forty percent of respondents have been impacted by a ransomware attack originating from a software supply chain partner, or don’t know whether they have been.
- Of the respondents who experienced a ransomware attack in the past year, 62% have been impacted by a ransomware attack originating from a software supply chain partner and 90% are planning to increase collaboration with software suppliers to improve security practices in the next year.
Almost three-quarters of companies have experienced a ransomware attack this year, with more SMBs than large enterprises having experienced an attack.
- Of the 48% of respondents who have experienced a ransomware attack, 73% have experienced a ransomware attack in the last year, only a quarter have not (25%) and 2% don’t know.
- Of those who experienced a ransomware attack in the past year, a little less than half (46%) paid the ransom. 31% of their ransom payments were between $1 million and $5 million. At the same time, almost all (97%) successfully restored their organization’s data. Only 3% did not.
Respondents experienced more phishing attacks due to the increased use of AI, especially among those who have experienced a ransomware attack.
- More than half (55%) of respondents said their company is more at risk of suffering a ransomware attack because of the increased use of AI among threat actors.
- Almost half (45%) of respondents have observed an increase in phishing attacks due to the increased use of AI. Of those who experienced a ransomware attack, 69% have observed an increase in phishing attacks due to the increased AI usage.
++
According to OpenText Webroot’s 2024 GenAI Consumer Trends and Privacy Report:
- Two-thirds of respondents expressed concern about AI systems collecting and misusing personal data.
- While many people have taken steps to protect their personal data—such as using VPNs, password managers, and antivirus software—workplace privacy protection is lagging. Only 27% of employed respondents use privacy tools and settings to safeguard workplace data when using AI.
- The top privacy tools in the workplace include password managers (64%), antivirus software (63%), VPNs (62%), and ad blockers (61%).
- For personal data protection, 76% use strong, unique passwords, 69% regularly update software, and 64% enable two-factor authentication
++
Sourcing data from nearly 19 million devices, Forescout – Vedere Labs’ Riskiest Connected Devices of 2024 report reveals the hidden dangers lurking within aging and overlooked devices.
Key findings include:
- IoT Devices with vulnerabilities expanded by a whopping 136% since 2023.
- IT Devices – network infrastructure and endpoints – still account for the most vulnerabilities at 58% despite being down from 78% in 2023.
- The most vulnerable device types are wireless access points (WAPs), routers, printers, voice-over-IP (VoIP) devices, and IP cameras. The most-exposed unmanaged gear includes VoIP devices, networking infrastructure, and printers.
- The top three verticals with the riskiest devices are technology, education, and manufacturing.
++
According to Forescout – Vedere Labs’ H1 Threat Review Report:
- Vulnerabilities surged by 43% – The average number of new CVEs per day was 111 or 3,381 per month from Jan 1-July 31, 2024; 7,112 more than H1 2023
- Ransomware attacks are on the rise – Attacks averaged 441 per month, or 15 per day from Jan 1-July 31, 2024, with government, financial services, and technology companies remaining the top three targets of any industry. Active ransomware groups grew by 55%.
++
ArmorCode - Modernizing Application Security to Scale for Cloud-native Development
- 42% of security teams report that they have no visibility at all into what developers are doing to test and fix their code.
- 90% of IT, cybersecurity, and application development professionals are moderately or very concerned about identifying or flagging sensitive data shared with GenAI frameworks or chatbots.
- 86% of IT, cybersecurity, and application development professionals are moderately or very concerned about the security of APIs related to usage of GenAI.
- 81% of IT, cybersecurity, and application development professionals are moderately or very concerned about ensuring customer data is not lost or shared via GenAI.
- 67% of organizations are experiencing an increase in infrastructure-as-code (IaC) misconfigurations.
++
Red Sift - 2024 Strengthening U.S. political campaigns against cyber threats report
- After analyzing 84 Senate campaign sites and 14 Presidential or party-affiliated campaign domains, Red Sift determined that a staggering 75% of these campaign websites lack proper DMARC protection.
- Red Sift’s analysis shows that without DMARC, campaigns remain highly susceptible to phishing, domain-spoofing and impersonation attacks. These threats can slow campaign operations, create disinformation or leak confidential information, all of which can have a devastating impact during critical election periods.
- The report highlights that while technical solutions like DMARC are critical, they must also be properly configured and managed to be effective.
++
Veracode - 2024 Banking and Financial Services Snapshot of State of Software Security
- The 2024 Banking and Financial Services Snapshot of State of Software Security found that the financial sector is higher (worse) than the overall ratio, with 76% of organizations exhibiting some level of security debt across their applications. Even more concerning, 50% of organizations in the financial sector have high-severity security flaws in their applications.
- While 84% of all security debt affects first-party code, 78.6% of critical security debt comes from third-party code, further reinforcing CISA’s Open-Source Software Security Roadmap and Secure by Design Pledge.
- Specific to the financial sector, Veracode found that most (84%) of all security debt affects first-party code, but the majority of critical security debt comes from third-party dependencies. This reinforces that both first-party and third-party code must be addressed to drive down security debt within organizations.
++
Immersive Labs
Immersive Labs' study, Unveiling the Dark Side of GenAI: How
People Trick Bots into Revealing Company Secrets, dives into the
various ways humans are outsmarting GenAI bots and how leaders need to be
aware of prompt injection risks to take decisive action, including
establishing comprehensive policies for GenAI use within their
organizations.
- 88% of prompt injection challenge
participants successfully tricked the GenAI bot into giving away
sensitive information in at least one level of an increasingly difficult
challenge
- Nearly a fifth of participants
(17%) successfully tricked the bot across all levels, underscoring the
risk to organizations using GenAI bots.
- With the implementation of system
prompts providing specific commands (such as not translating the
password, denying any knowledge of the password), 83% of the
participants were still able to trick the bot.
- After introducing Data Loss
Prevention (DLP) checks, 71% of the participants could still bypass the
bot.
++
Ping Identity
Ping Identity's annual report, "The Great Technology Wave: Overcoming
the Fear of Unknowns for Improved Digital Experiences," evaluates consumer sentiment when engaging
with brands online:
- Security (78%), ease of use
(76%), and privacy/consent (69%) are top concerns for consumers when
interacting with online brands.
- 54% of consumers have stopped
using an online service because they became frustrated when trying to
log in.
- 89% have complaints about
passwords, with 61% admitting they have too many to keep track of.
- 36% of consumers have fallen
victim to identity fraud, with financial identity fraud (18%), account
takeover (9%), and impersonation (8%) being the most common fraud types
experienced by respondents.
- 89% of consumers are concerned
about AI impacting their identity security.
- Most consumers (97%) have
concerns about their personal data being online, with only 8% having
full trust in organizations that manage their identity data, lower than
10% last year.
- 26% of consumers receive spam
calls daily, reaching 44% when looking at U.S. respondents alone.
++
Cohesity
According to Cohesity's 2024 Global Cyber Resilience
Report, analyzing the latest cybersecurity and ransomware trends from
over 3100 IT and security leaders from across the globe:
- 78% of respondents said they have
confidence in their company's cyber resilience strategy, but 83% said
they would pay a ransom to recover data and restore business processes
at a faster rate
- 69% of respondents said their
organization had paid a ransom in the last year, before being surveyed,
despite 77% saying their company had a 'do not pay' policy
- 80% of respondents said they had
responded to what they believe to be AI-based attacks or threats within
the last 12 months
According to Cohesity's Consumer Survey,
analyzing 6,000+ consumers worldwide on the digital industry's data
practices:
- 81% in the US criticized
companies for collecting too much of their personal or financial data.
- 92% in the US are concerned that
AI will make securing and managing their data much more challenging.
Most even go a step further to classify AI as a risk to data protection
and security (72% in the US).
- More than half of those surveyed
do not agree with the idea that companies should pay ransoms (52% in the
US), condemning the common practice of companies buying their way out of
ransomware attacks.
++
Vectra AI
2024 State of Threat Detection and
Response Research Report: The Defenders' Dilemma - Despite the
assurances of consolidation and platformization from security vendors,
this data reveals a rising distrust towards vendors from SOC teams. Many
practitioners, while confident in their own skills, feel their tools are
falling short in effectively helping them detect and prioritize real
threats.
- SOC teams receive an average
of 3,832 alerts per day, and 62% of them are ignored
- Nearly three-quarters (71%) of
SOC practitioners state they worry they will miss a real attack
buried in a flood of alerts
- Nearly half (47%) of
practitioners do not trust their tools to work the way they need
them to work
- 54% say the tools they work with
actually increase the SOC workload instead of reducing it
- 60% of SOC practitioners say a
lot of their security tools are bought as a "box ticking" exercise
for compliance
++
Nightwing
Nightwing's Zero Trust Survey reveals that while
IT leaders recognize the importance of Zero Trust Security, many face
hurdles like managing vendors, budget constraints, and overcoming internal
resistance.
- 96% of IT professionals surveyed
agreed that their organizations needed a Zero Trust model to be
successful.
- 65% of respondents reported that
they had fully implemented a Zero Trust framework, with the remainder
planning to have the model implemented within a year.
- Only 3% of respondents indicated
they had no issues during Zero Trust implementation. IT professionals
reported an array of speed bumps along the way, including:
  - Multiple products/solutions required (43%)
  - Vendors brought into the process too late (39%)
  - Budget shortfalls (39%)
  - Ongoing maintenance requirements (38%)
  - Plans not followed during implementation (37%)
  - Legacy system implementations (31%)
  - Slowed productivity in some departments (28%)
- The most common issue cited is
that organizations consider Zero Trust a low priority (49%) with many
struggling with the budgets required for the effort.
- Despite the obstacles on the path
to Zero Trust security, 32% reported seeing immediate benefits from the
model, while another 52% waited six months or longer to see benefits
materialize.
++
Entrust, a global leader in identity-centric security solutions.
2024 PKI and Post-Quantum Trends Study
- While 61% of global respondents
plan to migrate to PQC within the next five years, less than half of
organizations globally (41%) are presently preparing for the transition.
- 38% of global respondents
reported not having the right scale and technology to support the
required extra computing power for PQC.
- 51% of respondents reported a
lack of clear ownership over this transition, while 43% reported a tie
between insufficient skills and complicated or fragmented requirements
as the biggest hurdle to enabling PKI.
- Despite the fact that 44%
reported a focus on building their cryptographic strategy, 43% cited an
inability to simply inventory their crypto assets, the top concern for
all nine countries surveyed in readying themselves for the transition.
2024 State of Zero Trust & Encryption Study
- Despite 59% of organizations
reporting significant senior leadership support for Zero Trust, a lack
of skills and budget are still cited as the biggest roadblocks to
implementing these frameworks, highlighting a discrepancy between
support and resource allocation.
- 50% of respondents identified a
shortage of skilled personnel, 47% highlighted the absence of clear
ownership, and 46% pointed to inadequate staffing as the primary reasons
for the challenges associated with credential management.
++
WatchGuard, a global leader in
unified cybersecurity and MSPs
WatchGuard's quarterly Internet Security Report,
a comprehensive analysis of evolving cyber threat trends, emerging attack
vectors, major data breaches, and practical mitigation strategies.
- Q2 2024 showed a 168%
increase in evasive malware detections
quarter-over-quarter.
- Network attacks are on the rise,
increasing 33% from Q1 2024. Across
regions, the Asia Pacific accounted for 56% of all network attack
detections, more than doubling since the previous quarter.
- 7 of the Top 10 malware threats
by volume were new this quarter. New threats included a new Mirai Botnet variant,
which infects IoT devices, such as TVs and smart-home devices, enabling
threat actors to turn them into remotely controlled bots.
- A rise in malware hidden in
blockchains. Malicious
code in blockchains poses a long-term threat, as blockchains are not
meant to be changed and, theoretically, a blockchain could become an
immutable host of malicious content.
++
Gigamon, a leading deep
observability vendor helping to manage and secure hybrid cloud
infrastructures of the likes of AWS, Lockheed Martin, and the
DoD.
2024 Hybrid Cloud Security Survey
- In the last 12 months, more than
1 in 3 organizations failed to detect a breach using existing security
tools.
- Just 40% of organizations claim
to have visibility into East-West (lateral, encrypted) traffic, despite
research showing that 93% of malware is now lurking behind such
traffic.
- Just under half (46 percent) of
CISOs feel only somewhat or not at all prepared to detect threats.
- 39% of CISOs cite an extortion
threat as the first indicator of a serious security breach, while 36
percent only discovered the attack when data was leaked on the dark web.
++
Silverfort, a unified identity
security company that pioneered the first and only platform that enables
modern identity security everywhere.
Silverfort's "Identity Underground Report" is the
first attempt to map out the most critical identity security weaknesses
that lead to credential theft, privilege escalation or lateral movement -
both on-prem and in the cloud.
- 64% of all user accounts
authenticate via the weakly encrypted NTLM protocol, providing attackers easy access
to cleartext passwords. Easily cracked with brute-force attacks, NTLM
authentication is a prime target for attackers looking to steal
credentials and move deeper into an environment.
- A single misconfiguration in an
Active Directory account spawns 109 new shadow admins on average. Shadow admins are user accounts
with the power to reset admin accounts' passwords or manipulate accounts
in other ways. Attackers use Shadow Admins to change settings,
permissions, and give themselves more access to machines as they move
deeper into an environment.
- 7% of user accounts inadvertently
hold admin-level access privileges, giving attackers more opportunities to escalate
privileges and move throughout environments undetected.
- One in every ten user accounts
operates as a service account, representing highly privileged machine
identities. Attackers
target service accounts, as they are often overlooked or unknown to the
security and identity teams that manage them.
- 13% of user accounts are
categorized as "Stale accounts," which are effectively dormant,
giving attackers easy targets for lateral movement and evading
detection.
++
LevelBlue simplifies cybersecurity
through award-winning managed services, experienced strategic consulting,
threat intelligence, and renowned research.
Financial services leaders face an urgent challenge: balancing the rapid
pace of innovation with the need for robust cybersecurity. The 2024 LevelBlue Futures Report for
Financial Services delves into the critical misalignment between
business goals and IT priorities that puts organizations at risk.
- 89% of financial services
respondents anticipate that dynamic computing will enhance operational
performance within the next three years. Yet, a similar number
acknowledge the increased exposure to risk.
- 69% of financial services
respondents believe cybersecurity is an afterthought in their
organizations with another 72% confirming efforts are often siloed.
- 66% of financial services
respondents indicate that cybersecurity resilience initiatives are not
sufficiently factored into the organization's budget. In fact, 85% of
financial organizations report budgets are reactive rather than
proactive.
- The adoption of
Cybersecurity-as-a-Service (CSaaS) is on the rise, with 34% opting to
outsource their cybersecurity needs rather than managing them in-house.
- 62% of financial services
respondents reveal there's a lack of understanding about cybersecurity
at the board level.
++
Venafi
Venafi's Organizations Struggle to Secure
AI-Generated and Open Source Code report surveyed 800 security leaders
to better understand their concerns around the use of AI-generated and
open source code in their production environments, as well as what they
believe are their best options for mitigating risk.
Tension Between Security and Developer Teams
- 83% of security leaders say
their developers currently use AI to generate code, with 57% saying it
has become common practice.
- However, 72% feel they have no
choice but to allow developers to use AI to remain competitive, and 63%
have considered banning the use of AI in coding due to security risks.
Inability to Secure at AI Speed
- 66% of respondents report it is
impossible for security teams to keep up with AI-powered
developers.
- As a result, security leaders
feel like they are losing control and that businesses are being put at
risk, with 78% believing AI-developed code will lead to a security
reckoning and 59% losing sleep over the security implications of
AI.
Governance Gaps
- 63% of security leaders think it
is impossible to govern the safe use of AI in their organization, as
they do not have visibility into where AI is being used.
- Despite concerns, less than half
of companies (47%) have policies in place to ensure the safe use of AI
within development environments.
Open Source Overload
- On average, security leaders
estimate 61% of their applications use open source - although GitHub
puts this as high as 97%. This over-reliance on open source could
present potential risks, given that 86% of respondents believe open
source code encourages speed rather than security best practice amongst
developers.
Vexing Verification
- Ninety percent of security
leaders trust code in open source libraries, with 43% saying they have
complete trust - yet 75% say it is impossible to verify the security of
every line of open source code. As a result, 92% of security leaders
believe code signing should be used to ensure open source code can be
trusted.
++
Deep Instinct, a zero-day data
security company
Deep
Instinct's 2024 Voice of SecOps report examines
the role of generative AI in cybersecurity, addressing both its potential
and its risks. The report, conducted by Sapio Research, surveyed 500
senior cybersecurity experts from companies with 1,000+ employees in the
U.S. operating in financial services, technology, manufacturing, retail,
healthcare, public sector, or critical infrastructure.
- Corporate leadership teams are
now prime targets for deepfake manipulation. Over the past year, 61% of
organizations experienced a rise in deepfake incidents, with 75% of
these attacks impersonating an organization's CEO or another member of
the C-suite.
- The rise of adversarial AI is
taking a toll on cybersecurity professionals, with 66% admitting their
stress levels are worse than last year and two in three (66%) saying AI
is the direct cause of burnout and stress.
- Three in four security
professionals (75%) had to change their cybersecurity strategy in the
last year due to the rise in AI-powered cyber threats, with 73%
expressing a greater focus on prevention capabilities. Additionally, 97%
of respondents are concerned their organization will suffer a security
incident due to adversarial AI. Yet, 41% are still relying on EDR
solutions for protection.
- 42% of organizations currently
use preventative technologies, like predictive prevention platforms, to
help protect against adversarial AI.
- However, more than half (53%) of
security professionals feel pressure from their board to adopt tools
that allow them to prevent the next cyber attack, rather than rely on
antiquated defense mechanisms that have proven ineffective.
++
Veriff
Veriff's Fraud Index 2024: Part 2
is a follow-up survey of end users measuring their experiences of
online fraud and their appetite towards fraud-prevention measures:
- Almost 58% of US respondents
encountered fraudulent or suspicious activity at least once over the
year, compared with just 37% in the UK.
- 77% of respondents who said they had lost money
from fraud over the year said they expected a company to reimburse them
for money lost.
- More than 56% of respondents consider
a company's record on fraud prevention when choosing whether to sign up
for their service.
- The use of AI and deepfakes in
the political process has become a major concern, with 73% of
US-based respondents reporting they are worried about its impact on
elections.
- Most consumers believe parents
are responsible for keeping their children safe online. However, for 38.46%
of respondents, the website, platform, or app being used is also
responsible.
Veriff's Fraud Industry Pulse Survey
2024 surveyed hundreds of senior decision-makers and fraud leaders
from businesses across the US in April 2024 to understand how fraud is
impacting their businesses.
- Almost 87% of respondents
reported an increase in online fraud in the year to April 2024. Just 1.19%
of respondents said they experienced zero fraudulent IDV attempts in
a month.
- Nearly 78% of U.S.
decision-makers have seen an increase in the use of AI in fraudulent
attacks over the past year. On the flip side, nearly 79% of CEOs
are using AI and ML in fraud prevention.
- More than 86% of
decision-makers say their customers are now more demanding of robust
fraud prevention capabilities.
++
Gurucul
Gurucul's 2024 Insider Threat
Report surveyed 413 IT and cybersecurity professionals to uncover the
latest trends, challenges, and strategies for combating insider
threats.
Key report findings
include:
- 48% of
organizations saw an increase in insider attacks over the past 12 months,
with 51% experiencing six or more attacks within the past year.
Remediation costs for these incidents exceeded $1 million for 29% of
respondents.
- The
primary drivers behind the rise in insider attacks were complex IT
environments (39%), adoption of new technologies (37%), and inadequate
security measures (33%), reflecting critical areas that require
attention.
- 71% of
organizations reported feeling at least moderately vulnerable to insider
threats, underscoring a growing awareness and concern over internal
risks.
- Although
93% of respondents consider unified visibility and control across
environments crucial, only 36% have a fully integrated solution to achieve
this, highlighting a need for more cohesive security
strategies.
- 50% of
respondents use partially integrated solutions, while 28% manage
visibility through separate, non-integrated tools. Additionally, 17%
indicate inadequate tooling, and 20% rely on disparate systems for
monitoring users, applications, and devices, revealing a substantial tools
gap.
- The
primary obstacles to implementing effective insider threat management
tools were technical challenges (39%) and cost factors (31%).
++
Zenity
The average large enterprise
has close to 80,000 apps and copilots that have been developed outside the
traditional software development lifecycle and about 62% of these contain
security vulnerabilities. The average large organization has developed over 2,600
of their own AI copilots using low-code platforms and 63% of those were
overshared to members of both the organization and the public, creating risks
for prompt injection and data leakage. - researchers at Zenity, The
State of Enterprise Copilots & Low-Code Development in 2024
++
Palo Alto Networks
Three-quarters of industrial
organizations in 16 countries have detected malicious cyber activity in their
OT environment in the past year; 1 out of 4 were forced to shut down OT
operations due to a successful attack in the past year, either because of actual
disruption or as a preemptive measure. - Palo Alto Networks' 2024
State of OT Security Report
++
Unit 42 team at Palo Alto Networks:
According to a recent report from our Unit 42 team at Palo Alto Networks, there has been a 49% increase in ransomware victims in 2024, with the US impacted by a majority (52%) of total global attacks.
++
Utimaco
78% of U.S. consumers
worry about their data security when using online services; 61% now say
security is the most important factor when picking a financial institution, up
from 24% in 2023. - Utimaco's new
consumer survey with YouGov.
++
DNSFilter
DNS continues to be a
prominent target for cybercriminals. According to DNSFilter's recent threat
intelligence report:
- The
percentage of unique domains attempted by users but blocked as threats
rose notably, from 1.6% in Q3 2023 to 3.6% in Q3 2024.
- Queries
to malicious domains (encompassing malware, phishing, deception, and botnet
sites) amounted to over 16.6 billion potential threats from July to
September 2024 on the DNSFilter network.
- DNSFilter
observed a significant spike in traffic to potentially harmful domains
containing the word "Olympic" during the Paris Olympics, peaking at 546%
above the average on August 1, 2024.
- With
hurricane season underway, activity on domains containing "hurricane" also
surged. Malicious queries for these domains rose by 460% over the daily
average on September 27, 2024.
- With
the election coming up, DNSFilter has seen a rise in traffic to new
domains with election-related keywords, including the terms
"vote" and "voting". Traffic to this term on September
18 was 14x the daily average, with steady traffic between September 17 and
September 29, showing increased interest in these domains in the lead up
to the election.
##