Analyzing the 2024 Cyber Threat Landscape: A Year of Escalating Cyber Threats

September 20, 2024 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS
Four major actor categories: State-nexus, cybercriminals, Private Sector Offensive Actors (PSOAs), and hacktivists
State-nexus actors increasingly use advanced techniques, such as LOTS and Living Off The Land (LOTL), to avoid detection and exploit vulnerabilities.
Hacktivists, often less sophisticated, have been used as proxies in larger state-led campaigns(ENISA).

The ENISA Threat Landscape 2024 report delivers critical insights into the evolving cyber threat landscape. It identifies prominent threats, profiles threat actors, and explores vulnerabilities.

With the rapid rise of state-sponsored attacks, ransomware, and misinformation campaigns, understanding these trends is essential for building robust cybersecurity defenses.

“Exploiting the Gaps: Vulnerabilities in Focus for 2024”

Key Points:

The vulnerability landscape saw the identification of 19,754 vulnerabilities, with 9.3% deemed critical​

Edge devices and cloud environments have emerged as major targets, as attackers exploit legacy issues and poor patch management​ (ENISA).

“Ransomware Still Dominates: A Threat That Won’t Go Away”

Key Points:

Ransomware remains the top threat, with multi-extortion tactics now common​

Financial gain is the primary motive, but disruptions of critical infrastructure are increasingly common ​(ENISA).

“Malware Evolution: A Threat Expanding in Scope”

Key Points:

Malware remains pervasive, especially with the use of information stealers.

Malware-as-a-Service (MaaS) continues to expand, with both nation-state actors and cybercriminals using advanced malware strains​(ENISA).

“The Human Weak Link: Social Engineering on the Rise”

Key Points:

Social engineering attacks, including phishing and business email compromise (BEC), remain a key entry point for many attacks​

These attacks are increasingly sophisticated, leveraging platforms like social media and messaging apps to trick users​(ENISA).

“Data Breaches: Securing the Modern Economy’s Most Valuable Asset”

Key Points:

Data-related threats, both breaches and leaks, are among the top cyber risks.

Sectors holding vast amounts of personal data, such as finance and healthcare, are prime targets ​(ENISA).

“DDoS Attacks: Disrupting Critical Infrastructure”

Key Points:

Denial of Service attacks are not new but have become more targeted, especially toward public administration and transport sectors​(ENISA).

DDoS-for-hire services allow even low-skilled attackers to launch significant attacks​(ENISA).

“The Battle for Truth: Misinformation as a Cyber Weapon”

Key Points:

State actors increasingly rely on information manipulation, often aligning with geopolitical conflicts, such as Russia’s invasion of Ukraine​(ENISA).

AI-enabled disinformation is emerging as a powerful tool, though still in its early stages​(ENISA).