Kaspersky outlines major cybersecurity challenges for 2024
The evolving landscape of cybersecurity continues to challenge organisations and the public as new threat actors, emerging technologies, and threats arise. Kaspersky has outlined significant cybersecurity challenges for 2024, including the rising sophistication of cyberattacks driven by artificial intelligence, ransomware becoming a service for cybercriminals, and threats to iOS systems through Operation Triangulation.
According to the Kaspersky Incident Response Analyst Report 2023, a substantial 75% of cyberattack attempts exploited Microsoft Office, with public applications and compromised accounts being the primary infection vectors. While there was a 36% reduction in attack attempts in Q1 of 2023 compared to the same period in 2022, threats remain substantial.
The report noted that after experiencing a cyberattack, 33.3% of organisations suffered data encryption, 21.1% experienced data theft, and 12.2% had compromised active directories. A 2022 survey highlighted ransomware (66%) and data theft (66%) as the foremost concerns, followed by cybersabotage (62%), supply chain attacks (60%), and DDoS attacks (60%).
In 2023, governments (27.9%) were the most targeted sector, followed by manufacturing (17%), financial institutions (12.2%), and IT companies (8.8%). Geographically, Asia and CIS regions faced the most incidents (47.3%), trailed by the Americas (21.8%), the Middle East (10.9%), and Europe (9.1%).
Igor Kuznetsov, Director of Kaspersky's Global Research & Analysis Team (GReAT), commented, "Governments were the most prolific target by threat actors followed distantly by manufacturing and financial institutions with the largest cyberthreat risk being ransomware and cybersabotage."
Among notable developments, ransomware as a service (RaaS) has emerged as a sophisticated process involving multiple specialised cybercriminals. RaaS operates like a business, with developers creating malware that can be purchased and deployed by other cybercriminals. Igor noted, "There are three popular myths in regards to ransomware. The first is that cybercriminals are just criminals with an IT education, that the targets of ransomware are set before an attack, and that ransomware gangs are acting alone."
He further explained that most ransomware incidents are opportunistic, and that many gangs work with affiliates in the way a business would. "Contrary to popular opinion, most cyber incidents are opportunistic attacks while many ransomware gangs actually work with affiliates much like a business, performing ransomware as a service (RaaS)," he said.
Kaspersky reported that its security solutions protected over 220,000 businesses globally, preventing 6.1 billion attacks and stopping 437 million internet-borne threats. Additionally, 325,000 users were shielded from financial loss due to banking trojans. Over 411,000 unique malware samples were detected daily in 2024, an increase from 403,000 in 2023. The year 2023 also saw the detection of 106 million unique malicious URLs and the activity of 200 advanced persistent threat (APT) groups.
Another significant threat identified is Operation Triangulation, targeting iOS devices with malware exploiting hardware vulnerabilities in Apple CPUs. This operation involves the deployment of a complex multi-stage malware payload via malicious iMessages, granting attackers full control over the device. Apple has since patched these vulnerabilities, but users are encouraged to regularly update their firmware, reboot devices, and disable iMessage to mitigate future risks.
Supply chain attacks also present a significant risk for containerized systems running on open-source software, because such systems depend on numerous third-party dependencies. Igor remarked, "Containerized systems often rely on numerous third-party dependencies, introducing significant supply chain risks from both malicious intent and unintentional flaws."
Proper security policies for containerized systems are essential, including scrutinizing images for vulnerabilities, ensuring registry accuracy, and implementing strong access and network control policies. Kaspersky suggests integrating solutions like Kaspersky Security Container for robust multi-level protection.
In conclusion, Kaspersky underscores the importance of maintaining a mature security posture through effective strategy, employee education, up-to-date threat intelligence, and appropriate technology application. Recommended measures include regular operating system and software updates, access to the latest threat intelligence, cybersecurity training, endpoint detection, and incident response services.