According to Mandiant’s M-Trends 2024 Report, there is a noticeable rise in the exploitation of software and operating system vulnerabilities as the initial means of network access, while phishing attacks are decreasing in prevalence. Mandiant, a division of Google Cloud, is known for its cyber defense, threat intelligence, and incident response services. The report is based on Mandiant Consulting’s investigations of targeted attacks from January 1, 2023 to December 31, 2023.
Mandiant’s investigations revealed that 38% of attacks exploited software vulnerabilities as the initial means of access, 6 points higher than in 2022. 17% of attacks used phishing for initial access, 5 points lower than in 2022. Attackers are increasingly targeting edge devices and taking advantage of a wide range of vulnerabilities. In 2023, Mandiant identified 97 distinct zero-day vulnerabilities exploited in the wild, 56% more than in 2022. Historically, only a small number of threat actors, usually nation-state cyberespionage groups, have exploited zero-day vulnerabilities. State-sponsored actors, particularly China-sponsored groups, still do so, but more ransomware and data extortion gangs are now obtaining and using zero-days, helped by the growth of commercially available turnkey exploit products.
Threat actors are combining zero-day exploitation with living-off-the-land techniques, which use legitimate tools already present on a system so that the attacker can remain persistent for longer and avoid detection. One reason for the decline in phishing as an initial attack vector is the widespread adoption of multifactor authentication (MFA). Although MFA is effective at stopping phishing attacks, Mandiant has seen a rise in web proxies and adversary-in-the-middle phishing pages that capture credentials and sign-in session tokens in order to bypass MFA. Protection against these attacks can be improved by implementing phishing-resistant MFA.
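The reason phishing-resistant MFA holds up against an adversary-in-the-middle proxy is that the authenticator's response is bound to the origin of the page the user is actually on, not to the password or code the user types. The simplified relying-party check below is an added illustration, not code from the Mandiant report or from any WebAuthn library: the hostnames, challenge and the `browser_sign_in` model of the browser are constructed, and only the origin and RP ID binding is modelled (a real verifier also checks the authenticator signature, flags and signature counter).

```python
"""Simplified model of why origin-bound (phishing-resistant) MFA defeats an
adversary-in-the-middle phishing proxy. Added example; all names constructed."""
import base64
import hashlib
import json

RP_ID = "bank.example"                     # constructed relying-party identifier
ALLOWED_ORIGINS = {"https://bank.example"}  # origins the RP accepts assertions from


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def browser_sign_in(origin: str, rp_id: str, challenge: bytes) -> dict:
    """Model of the browser side of a WebAuthn 'get' ceremony.

    The browser records the origin of the page that called the API in
    clientDataJSON and only proceeds if the requested rpId is the page host or a
    registrable suffix of it; otherwise it refuses (a SecurityError in a real
    browser, modelled here as PermissionError). The authenticator data begins
    with SHA-256(rpId)."""
    host = origin.split("://", 1)[1]
    if host != rp_id and not host.endswith("." + rp_id):
        raise PermissionError(f"browser refused: rpId {rp_id!r} does not match origin {origin!r}")
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": _b64url(challenge),
        "origin": origin,
    }).encode()
    rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
    flags, sign_count = b"\x05", b"\x00\x00\x00\x01"   # UP|UV set, counter = 1
    return {"clientDataJSON": client_data, "authenticatorData": rp_id_hash + flags + sign_count}


def verify_assertion(assertion: dict, expected_challenge: bytes) -> tuple:
    """Relying-party checks on the origin/RP binding (signature check omitted)."""
    client = json.loads(assertion["clientDataJSON"])
    if client.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if client.get("challenge") != _b64url(expected_challenge):
        return False, "challenge mismatch (possible replay)"
    if client.get("origin") not in ALLOWED_ORIGINS:
        return False, f"origin {client.get('origin')!r} not allowed"
    if assertion["authenticatorData"][:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    return True, "ok"


def demo() -> dict:
    """Legitimate sign-in versus a phishing proxy relaying the real RP's options."""
    challenge = b"constructed-challenge-0001"
    legit = browser_sign_in("https://bank.example", RP_ID, challenge)

    # An AitM proxy forwards the bank's genuine request (rpId = bank.example) to the
    # victim's browser, but the page is served from the attacker-controlled origin.
    try:
        phished = browser_sign_in("https://bank-login.example", RP_ID, challenge)
        phished_result = verify_assertion(phished, challenge)
    except PermissionError as err:
        phished_result = (False, str(err))

    # Replaying a previously captured assertion fails on the per-login challenge.
    replay_result = verify_assertion(legit, b"constructed-challenge-0002")

    return {"legit": verify_assertion(legit, challenge),
            "phished": phished_result,
            "replay": replay_result}


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:8s} -> {'accepted' if ok else 'rejected'}: {reason}")
```

The contrast with a one-time code is the point: a TOTP or push approval carries nothing that identifies the page it was entered on, so a proxy can forward it unchanged, whereas the WebAuthn assertion either never gets created on the attacker's origin or arrives at the relying party carrying an origin it will not accept.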
Mandiant also observed a rise in malware: 626 new malware families were identified in 2023, more than in any previous year. The most prevalent malware categories were:
- 33% – backdoors
- 16% – downloaders
- 15% – droppers
- 7% – credential stealers
- 5% – ransomware
The sectors most often attacked by threat actors include:
- 17% – financial services
- 13% – business and professional services
- 12% – high technology
- 9% – retail and hospitality
- 8% – healthcare
Attacks are increasingly focused on cloud environments as more companies have moved to the cloud. The most likely reason these industries are targeted is the large volume of sensitive data they hold, including confidential business information, financial records, personally identifiable information, and protected health information (PHI).
Mandiant’s report shows that companies are becoming much better at detecting attacks. In 2023, attackers were present in victim environments for an average of 10 days before being detected, down from 16 days in 2022. That is good news for defenders, but companies should remain vigilant. A key theme of the M-Trends 2024 report is that attackers are actively working to avoid detection and remain on systems for longer, in part by using zero-day vulnerabilities. This further underlines the need for robust threat hunting tools, thorough investigation and remediation in the event of a security breach, and HIPAA training for IT professionals.