Some Of The Biggest Cybersecurity Threats In 2024: Splunk

Splunk released its list of some of the current biggest cybersecurity threats in an "ever-evolving" threat landscape.

Samara Lynn

Security information and event management (SIEM) provider Splunk recently released its report on the top cybersecurity threats IT leaders need to be aware of in 2024.

Cybersecurity is "essential," Splunk President and CEO Gary Steele said in the report. Yet, "many organizations still haven't reached the peak of their security operations," he said. Reasons he cited include an ever-evolving threat landscape; increasingly complex hybrid and cloud infrastructures; bogged-down security teams; and a proliferation of tools used inside organizations. 

A crucial way to stay a step ahead of bad actors is being aware of the top cybersecurity threats. Here are 10 of the biggest security threats from Splunk's "Top 50 Cybersecurity Threats" report:

Account Takeover

Account takeovers can occur when a bad actor poses as an actual employee, user or customer to gain unauthorized access to the network. Malicious "one-click" apps, brute force attacks, phishing and other malware are some of the methods hackers often employ. 

Organizations should implement access control technologies like multifactor authentication (MFA) and adopt a "zero-trust" security strategy for devices internal and external to the organization as well as access to all resources, Splunk advised in its report. 

Advanced Persistent Threat (APT) 

An advanced persistent threat is when a bad actor breaks in, avoids detection, and obtains information on a computer system or network. While Splunk points out that APTs are often politically motivated, they do happen to businesses and are used by hackers to steal data or intellectual property. 

Amazon Web Services (AWS) Attacks

While Amazon says it is responsible for security outside of a virtual machine, AWS customers are responsible for security inside an S3 container. Splunk cited one example of a digital marketing company that failed to password protect its Amazon S3 bucket, causing a leak of 50,000 files including full names, locations, email addresses and phone numbers of its clients. 

Staying vigilant about any suspicious activity inside your AWS environments and monitoring and controlling who has access to the AWS infrastructure are ways to help keep cloud computing safe. 

Application Access Token 

Bad actors can use REST APIs to perform acts like email searches with an OAuth access token, Splunk said. These tokens are usually stolen from users and allow hackers to bypass the authentication process and gain access to restricted accounts, information or services on remote systems.

Brute Force Attack  

While certainly not a new security threat, brute force attacks are on the rise, with Microsoft recording an uptick in brute force attacks involving Remote Desktop Protocol, Splunk said in its report. Exposed endpoints and weak passwords can allow threat actors to carry out a successful brute force attack.

Business Email Compromise 

Business Email Compromise (BEC) has also been on the rise, particularly post-COVID with the increase in video calls. Hackers will trick victims into paying fraudulent, yet credible-looking bills and invoices. They will mimic an organization's suppliers, employees or business partners. Using malware, hackers can gain access to messaging systems and send fake messages through phishing campaigns, for instance, to convince victims to transfer large sums of money. 

Cloud Cryptomining 

In a cryptomining attack, hackers can steal a cloud instance, often spinning up "hundreds" of new instances - potentially creating "astronomical" cloud computing costs for an unsuspecting organization. While Splunk says it's difficult to determine how widespread cryptomining attacks have become with the massive use of cloud computing platforms, companies should stay vigilant. Monitoring for new cloud instances or a high number of instances are some ways to stay protected.

Command and Control Attack 

A command and control attack is when a hacker takes over a computer and sends commands or malware to other systems on the network. According to Splunk's report, these attacks increased by 30% in 2022.

Also known as C2 or C&C attacks, hackers usually gain access to the network through phishing emails that contain installable malware. 

Masquerade Attacks  

Masquerade attacks happen when threat actors use forged or stolen user credentials or gain access to a vulnerable machine or device. That access appears legitimate and can give attackers a pathway into an organization's entire network.

Hackers set up these attacks through various methods including spoofing login domains or using keyloggers. They don't require sophisticated technology either; an ill-intentioned employee could gain access to someone's unlocked and unprotected laptop. 

Shadow IT

With SaaS applications becoming commonplace on user devices, shadow IT attacks have also become more common, Splunk's report noted. Typically, an employee meaning no harm will inadvertently download some application for productivity or work-related reasons. These shadow applications can open "the floodgate for insider threats, data breaches and compliance violations." 

You can download Splunk's full list of threats to watch in 2024 here.

 
