Cyber Security Threat Management: What to Watch For in 2024 - December 8, 2023
Cyber security threat management remains a top priority for organizations, and as digital technologies evolve at warp speed, cyberattacks become more sophisticated.
To help you take a holistic look at what’s happening with cyber security threat management and understand what should be on your radar for 2024, we’re sharing some of the 2023 Comcast Business Cybersecurity Threat Report highlights.
Cyber Security Threat Management by the Numbers
The report analyzes 23.5 billion cybersecurity attacks Comcast Business detected across their extensive pool of security customers in 2022.
Phishing remains one of the biggest concerns for cybersecurity threat management, and Comcast found that 9 out of 10 attempts to breach customers’ networks started with phishing.
Post-phishing activities detected included:
- 9.1 million average daily phishing clicks.
- 24.3 million malicious URLs opened.
- 16.9 million instances of malware.
Additionally, the research also found:
- Nearly 27 million suspected evasion tactics.
- 14 million malware attacks.
- 73% of the reconnaissance tools used by adversaries were vulnerability scanners.
- 159.8 million credential theft attempts and 3.5 million brute force attempts.
- Of the credential theft malware detected and disabled by Comcast, 34% were directed at financial information and credentials.
- 14.9 billion malware- and/or botnet-related activities detected.
- 243 million crypto mining-related botnet activities.
Four Things to Watch For in 2024
Cybercriminals love nothing more than causing a digital disruption, and with things like AI becoming even more sophisticated, staying one step ahead is a key piece of your cyber security threat management strategy.
Moving into this year, here are four things to ensure you’ve included in your cyber security plan.
#1. Stolen Credentials
One of the biggest threats to your cyber security threat management is an attacker acquiring “legitimate” credentials. Valid credentials let them authenticate to applications, circumvent your security measures, gain increased privileges, and have unfettered access to engage in malicious activities.
According to the Comcast report, in 2022 alone, they found 54 million instances — ranging from unsuccessful log-ins to brute-force attacks — where the cyber criminal attempted to exploit credentials to gain access.
Remote Desktop Protocol (RDP) is the most coveted type of stolen credential, easily found for sale on the dark web.
With AI phishing tools gaining traction, we can expect to see even more attempts to steal credentials to gain access to sensitive information.
#2. Remote Desktop
As mentioned above, remote desktops are highly vulnerable, making them a critical part of your cyber security threat management strategy.
The pandemic created a massive need for remote desktop access, but the rush to ensure everyone could stay connected from home sometimes led to leaving unused ports open and exposed.
RDP vulnerabilities are now often exploited to infiltrate networks with ransomware such as Maze, Venus, and Ryuk. This wave of network exploits extends beyond RDP: unauthenticated actors also target weaknesses in services exposed over the Transmission Control Protocol (TCP), which resulted in 139 million attempts to establish TCP connections with vulnerable servers.
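The credential-exploitation attempts described under #1 (failed log-ins and brute force) and the exposed-RDP problem in #2 both leave a footprint in authentication logs. The following Python example, added here and not part of the Comcast report or the original post, shows how a defender can flag three patterns in such logs: a brute-force burst against one account from a single source, a password spray (one source touching many accounts), and the most important case, a successful log-in immediately after a burst of failures from the same source. The log line format, thresholds and sample addresses are constructed for the example.

```python
"""Flag brute-force, password-spray and success-after-failure patterns in
authentication logs.  Example code; the log format below is an assumption,
not a format used by Comcast or by any particular product."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (assumption): one line per authentication attempt.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proto=(?P<proto>\S+) "
    r"src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample log: one brute-force source that finally succeeds,
# one password-spray source, and a benign internal host.
SAMPLE_LOG = """\
2023-06-01T10:00:01Z host=jump01 proto=rdp src=203.0.113.5 user=admin result=FAIL
2023-06-01T10:00:02Z host=jump01 proto=rdp src=203.0.113.5 user=admin result=FAIL
2023-06-01T10:00:03Z host=jump01 proto=rdp src=203.0.113.5 user=admin result=FAIL
2023-06-01T10:00:04Z host=jump01 proto=rdp src=203.0.113.5 user=admin result=FAIL
2023-06-01T10:00:05Z host=jump01 proto=rdp src=203.0.113.5 user=admin result=FAIL
2023-06-01T10:00:06Z host=jump01 proto=rdp src=203.0.113.5 user=admin result=OK
2023-06-01T10:01:00Z host=jump01 proto=rdp src=198.51.100.7 user=alice result=FAIL
2023-06-01T10:01:01Z host=jump01 proto=rdp src=198.51.100.7 user=bob result=FAIL
2023-06-01T10:01:02Z host=jump01 proto=rdp src=198.51.100.7 user=carol result=FAIL
2023-06-01T10:01:03Z host=jump01 proto=rdp src=198.51.100.7 user=dave result=FAIL
2023-06-01T10:02:00Z host=jump01 proto=rdp src=10.0.0.12 user=alice result=OK
2023-06-01T10:02:10Z host=jump01 proto=rdp src=10.0.0.12 user=bob result=FAIL
2023-06-01T10:02:15Z host=jump01 proto=rdp src=10.0.0.12 user=bob result=OK
"""


def parse(text):
    """Parse log lines into dicts sorted by timestamp; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    events.sort(key=lambda e: e["ts"])
    return events


def detect(text, fail_threshold=5, spray_users=4, window=timedelta(minutes=5)):
    """Return {source_ip: [alert kinds]} using a sliding window of recent failures."""
    alerts = defaultdict(set)
    recent = defaultdict(list)  # src -> failures seen within the window
    for e in parse(text):
        src = e["src"]
        cutoff = e["ts"] - window
        recent[src] = [f for f in recent[src] if f["ts"] >= cutoff]
        if e["result"] == "FAIL":
            recent[src].append(e)
            if len(recent[src]) >= fail_threshold:
                alerts[src].add("brute_force")
            if len({f["user"] for f in recent[src]}) >= spray_users:
                alerts[src].add("password_spray")
        elif len(recent[src]) >= fail_threshold:
            # A success right after a failure burst is the highest-priority signal:
            # the guessed or stolen credential most likely worked.
            alerts[src].add("success_after_failures")
    return {src: sorted(kinds) for src, kinds in alerts.items()}


if __name__ == "__main__":
    for src, kinds in detect(SAMPLE_LOG).items():
        print(f"{src}: {', '.join(kinds)}")
```

The thresholds are deliberately parameters: an Internet-facing RDP gateway and an internal jump host see very different baseline failure rates, so tune them per log source rather than hard-coding one value.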
#3. Backdoor Malware
Having access whenever they want, so they can drop in and out of your network at will, is a big priority for cybercriminals. Once a machine is compromised with backdoor malware, encrypted reverse SSH-proxy tunnels carry traffic between your network and the adversary’s command and control. Once that’s in place, cybercriminals have endless ways to attack, primarily by downloading additional malware, infecting additional machines, and creating a network of infected devices.
Just how pervasive is this problem?
In 2022, Comcast found over 14 billion backdoor malware events within their customers’ IT environments. They also blocked approximately 6 billion connection attempts to malware drop sites by infected machines.
Malware, once installed, is hard not only to detect but also to disable. This is precisely why your cyber security threat management strategy should include a robust plan for preventing malware attacks.
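The reverse tunnel described above has a network-level signature a defender can look for even when the endpoint agent misses the implant: an internal host that initiates an outbound connection to an external address and keeps it open for hours, or re-establishes it again and again. The following Python example, added here and not part of the Comcast report or the original post, applies those two tests to flow records. The CSV format, thresholds and addresses are constructed for the example; the documentation ranges 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 stand in for Internet addresses, which is why the internal/external test is an explicit RFC 1918 check rather than the ipaddress module's is_global flag.

```python
"""Find outbound flows that look like long-lived or persistent reverse tunnels.
Example code; the flow-record format is an assumption for this example."""
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed flow records (assumption): start, duration, source, destination, port.
SAMPLE_FLOWS = """start,duration_s,src,dst,dport
2023-06-01T00:05:00Z,14400,10.0.0.25,203.0.113.44,22
2023-06-01T04:10:00Z,3600,10.0.0.25,203.0.113.44,22
2023-06-01T05:15:00Z,3600,10.0.0.25,203.0.113.44,22
2023-06-01T06:20:00Z,3600,10.0.0.25,203.0.113.44,22
2023-06-01T07:25:00Z,3600,10.0.0.25,203.0.113.44,22
2023-06-01T09:00:00Z,7200,10.0.0.30,10.0.0.5,22
2023-06-01T09:30:00Z,12,10.0.0.31,198.51.100.20,443
2023-06-01T10:00:00Z,40,10.0.0.40,192.0.2.9,443
2023-06-01T11:00:00Z,40,10.0.0.40,192.0.2.9,443
2023-06-01T12:00:00Z,40,10.0.0.40,192.0.2.9,443
"""

# RFC 1918 ranges; anything else is treated as external for this example.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def find_suspicious_tunnels(csv_text, long_lived_s=3600, reconnect_threshold=5):
    """Return {(src, dst, dport): [reasons]} for internal->external endpoints that
    either held a connection open for long_lived_s seconds or more, or
    reconnected at least reconnect_threshold times in the record set."""
    durations = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if is_internal(row["src"]) and not is_internal(row["dst"]):
            key = (row["src"], row["dst"], int(row["dport"]))
            durations[key].append(int(row["duration_s"]))
    findings = {}
    for key, secs in durations.items():
        reasons = []
        if max(secs) >= long_lived_s:
            reasons.append("long_lived")
        if len(secs) >= reconnect_threshold:
            reasons.append("persistent")
        if reasons:
            findings[key] = reasons
    return findings


if __name__ == "__main__":
    for (src, dst, dport), reasons in find_suspicious_tunnels(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}:{dport}: {', '.join(reasons)}")
```

In a real deployment the output is a triage queue, not a verdict: known backup, monitoring and VPN endpoints should be allow-listed first, and the persistence test should be run per day so that the reconnect count is comparable across hosts.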
#4. Apache Log4j
If you’re unfamiliar with Log4j, you need to be. It first emerged as a zero-day vulnerability in 2021, when a series of critical vulnerabilities were publicly disclosed, and exploitation of it has since become endemic. Comcast stopped nearly 105 million Log4j exploits against their customers last year, which reflects the significant risk this still poses.
In many cases, after the Log4j exploits, Comcast saw additional attempts at backdoor malware installation and data and system credential theft. The compiled data suggests that many blocked malware attempts resulted from post-Log4j exploits.
What makes these attacks so prevalent is that Log4j is deployed across Java applications by the millions, and they are often successful because only an estimated 28% of vulnerable organizations had remediated or patched susceptible applications as of October 2022.
Additionally, despite the remediation of systems being completed by many organizations, many reintroduced Log4j as new applications were integrated into their existing environments.
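The reintroduction problem described above is an inventory problem: a vulnerable log4j-core copy arrives bundled inside a new application archive, often nested inside a WAR or EAR, where a one-time patch sweep never looks. The following Python example, added here and not part of the Comcast report or the original post, walks a directory tree, opens every JAR, WAR and EAR (recursing into archives nested inside them), reads the log4j-core version from the Maven pom.properties that the jar carries, and compares it against a minimum version the reader supplies. The minimum version is a parameter to be taken from Apache's own advisory; the "2.17.1" default and the sample jars built by build_sample_tree are constructed values for this example.

```python
"""Inventory bundled log4j-core copies under a directory, including jars nested
inside WAR/EAR files, and report those below a supplied minimum version.
Example code; the sample tree and version threshold are constructed."""
import io
import os
import tempfile
import zipfile

# Maven metadata path that log4j-core jars carry; its "version=" line is the
# most reliable in-archive version marker.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def parse_version(text):
    """'2.14.1' -> (2, 14, 1, 0); a '-beta'/'-rc' suffix sorts below the release."""
    core, _, suffix = text.strip().partition("-")
    nums = tuple(int(p) for p in core.split("."))
    return nums + ((-1,) if suffix else (0,))


def version_from_zip(zf):
    """Return the log4j-core version string if this archive bundles it, else None."""
    if POM_PROPS in zf.namelist():
        for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                return line.split("=", 1)[1].strip()
    return None


def scan_archive(label, zf, findings):
    """Record this archive's log4j-core version and recurse into nested jars."""
    version = version_from_zip(zf)
    if version:
        findings.append((label, version))
    for name in zf.namelist():
        if name.endswith(".jar"):
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except zipfile.BadZipFile:
                continue
            scan_archive(f"{label}!{name}", inner, findings)


def inventory(root):
    """Return sorted (archive path, version) pairs for every log4j-core found."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.endswith((".jar", ".war", ".ear")):
                path = os.path.join(dirpath, fn)
                try:
                    zf = zipfile.ZipFile(path)
                except zipfile.BadZipFile:
                    continue
                scan_archive(os.path.relpath(path, root), zf, findings)
    return sorted(findings)


def vulnerable(findings, min_safe):
    """Filter the inventory to copies older than min_safe (e.g. '2.17.1')."""
    floor = parse_version(min_safe)
    return [(p, v) for p, v in findings if parse_version(v) < floor]


def _jar_bytes(version):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"version={version}\nartifactId=log4j-core\n")
    return buf.getvalue()


def _write_jar(path, version=None, nested=None):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if version:
            zf.writestr(POM_PROPS, f"version={version}\nartifactId=log4j-core\n")
        for name, data in (nested or {}).items():
            zf.writestr(name, data)


def build_sample_tree(root):
    """Constructed fixture: one old standalone jar, one unrelated jar, one WAR
    bundling a newer copy, one EAR bundling a very old copy."""
    _write_jar(os.path.join(root, "lib", "log4j-core-2.14.1.jar"), version="2.14.1")
    _write_jar(os.path.join(root, "lib", "commons-io.jar"))
    _write_jar(os.path.join(root, "apps", "portal.war"),
               nested={"WEB-INF/lib/log4j-core-2.20.0.jar": _jar_bytes("2.20.0")})
    _write_jar(os.path.join(root, "apps", "legacy.ear"),
               nested={"lib/log4j-core-2.3.jar": _jar_bytes("2.3")})


def run_demo(min_safe="2.17.1"):
    """Build the fixture in a temp dir and return (inventory, vulnerable copies)."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        found = inventory(root)
        return found, vulnerable(found, min_safe)


if __name__ == "__main__":
    found, bad = run_demo()
    for label, version in found:
        flag = "VULNERABLE" if (label, version) in bad else "ok"
        print(f"{flag:10} {version:8} {label}")
```

Because the scan keys on the Maven metadata rather than on the file name, it also catches copies hidden inside shaded or renamed jars, which is exactly how Log4j tends to be reintroduced by a newly integrated application. Re-running it as part of each deployment, rather than once, is what turns the patch sweep into an ongoing control.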
Cyber Security Threat Management: Start with an Audit
In a world where cybercriminals continuously seek new avenues of attack, staying one step ahead and fortifying your defenses is not just a goal; it’s a necessity. By addressing these concerns and taking a proactive stance, you can better protect your organization from the ever-growing threat landscape and safeguard your digital assets for the future.
The Bridgepointe team knows how mission-critical security is in today’s threat landscape, so our security experts focus on getting you set up with the right security strategy and solutions to help you identify and defend against a wide range of threats.