Your Quarterly Cyber Threat Report: Q3 2024
Take me to the key takeaways...By Joe Aucott
August 16, 2024
Staying updated on the latest cyber threats isn’t just a good idea—it’s essential for protecting your organisation’s data and reputation. Cybercriminals are constantly evolving, finding new ways to exploit vulnerabilities. Without regular updates, you risk falling behind and becoming an easy target for these ever-changing threats.
Q3 2024 has been a particularly dynamic period in the cybersecurity arena. We’ve seen significant shifts, from the resurgence of sophisticated ransomware campaigns to innovative phishing techniques that catch even the most prepared off guard. We also had the biggest cybersecurity/IT outage the world has seen in a good while.
Ransomware remains a top concern in the cybersecurity world, and Q3 2024 was no exception. This quarter saw a 15% increase in ransomware incidents compared to previous quarters, reflecting the persistence and adaptability of cybercriminals.
One notable attack targeted a major healthcare provider, crippling its operations and forcing the organisation to pay a substantial ransom to regain access to their systems. This incident serves as a stark reminder of the destructive potential of ransomware, especially in sectors where downtime can have life-threatening consequences. The average ransom payment in 2024 has escalated to over $1.8 million per incident, underlining the severe financial impact of these attacks.
Phishing continues to be one of the most widespread cyber threats, with Q3 2024 witnessing a rise in both the number and sophistication of these attacks. Phishing attacks accounted for 38% of all cyber threats in this quarter, with spear-phishing attacks seeing a 22% increase from Q2.
Cybercriminals are deploying increasingly convincing tactics, such as personalised spear-phishing emails that mimic trusted entities almost perfectly. These emails often contain links to fraudulent websites that are nearly indistinguishable from the real ones, tricking even the most cautious users into divulging sensitive information. To combat this, organisations should focus on ongoing employee training and deploying advanced email filtering systems that can detect and block these threats before they reach inboxes. Notably, 60% of organisations experienced at least one successful phishing attempt in the past year.
As businesses increasingly migrate to cloud-based services, the security of these platforms becomes ever more critical. Q3 2024 saw several high-profile cloud security breaches that exposed significant vulnerabilities in widely-used cloud infrastructures. These breaches had far-reaching impacts, affecting over 1,200 businesses globally and exposing an average of 2.4 million records per incident.
A major incident involved a breach in a leading cloud service provider, where attackers exploited a misconfigured setting, leading to the exposure of sensitive customer data. This highlights the importance of not only choosing secure cloud providers but also ensuring that configurations are regularly reviewed and updated to close any potential security gaps. The average cost per breach in 2024 is now exceeding $4.35 million, emphasising the financial stakes of cloud security.
In Q3 2024, the cybersecurity arena was shaken by a significant outage experienced by CrowdStrike, one of the industry’s leading cybersecurity providers. This event not only disrupted services for thousands of businesses but also highlighted critical vulnerabilities within cloud-based security solutions.
The outage was triggered by a flaw in CrowdStrike’s infrastructure, caused by a single sensor update error, leading to widespread Microsoft service disruptions. This incident underscored the importance of understanding the intricacies of your cybersecurity vendor’s infrastructure and the potential risks involved. For businesses relying on cloud-based security, this outage served as a stark reminder of the need for rigorous vendor assessments and contingency planning.
Key lessons from this outage include the necessity of asking vendors the right questions about their security posture and recovery plans. Businesses should ensure that their vendors have robust incident response strategies and are transparent about their capabilities to handle such crises. Additionally, the event highlighted the importance of maintaining a multi-layered security approach to avoid over-reliance on a single vendor.
In the aftermath, many organisations were prompted to reassess their cybersecurity strategies, incorporating more stringent checks and balances to safeguard against similar disruptions in the future. The CrowdStrike outage serves as a critical case study in the ever-evolving battle against cyber threats, illustrating that even the most advanced security systems are not immune to breaches.
As artificial intelligence (AI) continues to evolve, so do the methods employed by cybercriminals. In Q3 2024, we’ve seen a notable 25% increase in the use of AI to launch more sophisticated and targeted cyber attacks. Cybercriminals are leveraging AI to automate tasks such as vulnerability scanning, phishing campaigns, and even creating malware that can adapt to its environment in real-time. These AI-driven attacks are not only faster but also more difficult to detect, as they can mimic legitimate user behavior and bypass traditional security measures.
Looking ahead, the impact of AI in cybersecurity is expected to grow exponentially. Experts predict that AI-driven cybercrime could cause up to $20 billion in damages by 2025. To counter this, cybersecurity defences will also need to incorporate AI, creating a high-stakes arms race where the most advanced technology wins.
Supply chain attacks have emerged as one of the most significant threats in Q3 2024. Cybercriminals are increasingly targeting vulnerabilities within the supply chains of large organisations, recognising that an attack on a less secure third-party supplier can provide a backdoor into a more fortified target. Supply chain attacks accounted for 19% of all cyber incidents in Q3 2024, with a 10% increase compared to Q2.
Notable examples from this quarter include attacks on software vendors, where compromised updates were used to infiltrate customers’ networks, leading to widespread data breaches and operational disruptions. The manufacturing sector, in particular, saw a 15% rise in supply chain-related breaches, significantly impacting production timelines.
To protect against these risks, organisations need to adopt a more holistic approach to cybersecurity. This includes conducting thorough due diligence on all third-party vendors, implementing strict access controls, and regularly auditing supply chain security practices. By ensuring that all links in the supply chain adhere to high-security standards, businesses can reduce their exposure to these increasingly common and damaging attacks.
To effectively safeguard against the cyber threats identified in Q3 2024, organisations must adopt a multi-layered approach to cybersecurity. This involves implementing robust firewalls, intrusion detection systems, and regular vulnerability assessments to detect and mitigate threats early. Ensuring that all software is up to date with the latest security patches is critical in closing potential entry points for attackers. Additionally, organisations should maintain a comprehensive incident response plan that includes regular testing and updates, enabling a swift and coordinated response to any security breach.
One of the most effective ways to protect against cyber threats is through continuous employee training and awareness programs. Cybercriminals often exploit human error as the weakest link in security, making it essential for employees to be well-versed in identifying and responding to potential threats. Regular training sessions should cover the latest phishing tactics, social engineering schemes, and safe practices for handling sensitive information. By fostering a culture of cybersecurity awareness, organisations can significantly reduce the risk of successful attacks.
With the increasing reliance on cloud-based services, enhancing cloud security measures has become paramount. Organisations should begin by ensuring that they have a clear understanding of their cloud provider’s security protocols and by implementing strong encryption for data both at rest and in transit. Multi-factor authentication (MFA) should be mandatory for accessing cloud resources, adding an extra layer of security against unauthorised access. Regularly reviewing and updating access controls, as well as conducting periodic security audits of cloud configurations, can help identify and address vulnerabilities before they are exploited.
