#Cambridge #Cybersecurity #United Kingdom #Darktrace #Malware-as-a-Service

Darktrace's 2024 Annual Threat Report

Darktrace, renowned for its innovative AI-driven cybersecurity solutions, has unveiled its 2024 Annual Threat Report, shedding light on the evolving landscape of cyber threats. A notable finding reveals that Malware-as-a-Service (MaaS) now accounts for over 57% of all detected threats, marking a staggering 17% rise since the first half of 2024.

The Rise of Cybercrime-as-a-Service

MaaS is part of a broader trend of Cybercrime-as-a-Service (CaaS), enabling even novice cybercriminals to execute sophisticated attacks. The report indicates that tools associated with MaaS witnessed a significant uptick, climbing from 40% to 57% in the latter half of 2024. This surge underscores a concerning shift, as more aspiring hackers gain access to advanced attack tools previously reserved for experts.

Within the same timeframe, Remote Access Trojans (RATs) also gained traction, representing a staggering 46% of campaign activities. This alarming growth illustrates a shift towards more intricate attacks, with RATs allowing malicious actors to remotely manipulate infected devices, facilitating further illegal activities such as credential theft and data exfiltration.

Darktrace's Threat Research team has been vigilant, tracking various ransomware groups, including the emergence of new strains like Lynx. The report details how these threat actors are increasingly employing advanced tactics, utilizing legitimate software like AnyDesk and Atera to camouflage their malicious activities and exfiltrate data to commonplace cloud storage services. The emphasis on circumvention techniques alongside phishing reveals a paradigm shift in threat execution strategies.

Phishing: The Primary Attack Vector

Phishing attacks remain a staple method for cybercriminals, with Darktrace detecting over 30 million phishing attempts within its client network from December 2023 to December 2024. Specifically, spear phishing has emerged as a significant concern, constituting 38% of all phishing attempts. These tailored attacks specifically target high-value individuals, employing novel social engineering methods, including artificial intelligence-generated content designed to evade traditional defenses.

Strikingly, a substantial 70% of the phishing emails successfully bypassed DMARC authentication standards, while 55% evaded other security measures before detection by Darktrace's technology. Moreover, over 940,000 malicious QR codes were also flagged, showcasing the diverse array of tactics employed by cybercriminals today.

In 2024, executives and staff at third-party platform providers, such as Zoom and Adobe, were increasingly targeted, allowing cybercriminals to exploit widely trusted services to advance their schemes. As malicious actors adapt to current technological trends, traditional security mechanisms struggle to remain effective.

The Evolving Evasion Techniques

Rather than aiming for sheer disruption, contemporary threat actors are shifting their focus toward stealth during network intrusions. By exploiting vulnerabilities in edge devices and employing Living-off-the-Land (LOTL) techniques, these actors are adept at navigating undetected within systems. Darktrace reported that a breathtaking 40% of identified activities in early 2024 centered on exploiting internet-facing devices, such as Ivanti firewalls and Fortinet appliances.

By harnessing both automation and AI, modern techniques have reached unprecedented levels of sophistication. Smaller cybercriminal organizations, as well as more sophisticated Advanced Persistent Threats (APTs), benefit from leveraging legitimate systems to achieve their goals while remaining undetected.

Nathaniel Jones, VP of Threat Research at Darktrace, emphasizes the urgency for organizations to strengthen their cybersecurity posture. In light of the growing complexity of threats, it's essential to build proactive resilience across systems and practices. Organizations must recognize that a reactive stance is insufficient; instead, they should actively address weaknesses before they fall victim to increasingly bold attackers.

As the threats evolve, so too must the strategies we employ to safeguard our digital environments. For further details, interested parties are invited to download the full Darktrace 2024 Annual Threat Report from their official site.

About Darktrace

Founded in 2013, Darktrace leads the way in AI cybersecurity, continually adapting to a rapidly changing threat landscape across nearly 10,000 clients worldwide. Its core technology, the Darktrace ActiveAI Security Platform™, employs machine learning to analyze unique user patterns in real-time, ensuring comprehensive protection against previously unknown cyber threats.