Some Of The Biggest Cybersecurity Threats In 2024: Splunk

Splunk released its list of some of the current biggest cybersecurity threats in an "ever-evolving" threat landscape.

Samara Lynn

Security information and event management (SIEM) provider Splunk recently released its report on the top cyber security threats IT leaders need to be aware of in 2024.  

Cybersecurity is "essential," Splunk President and CEO Gary Steele said in the report. Yet, "many organizations still haven't reached the peak of their security operations," he said. Reasons he cited include an ever-evolving threat landscape; increasingly complex hybrid and cloud infrastructures; bogged-down security teams; and a proliferation of tools used inside organizations. 

A crucial way to stay a step ahead of bad actors is being aware of the top cybersecurity threats. Here are 10 of the biggest security threats from Splunk's "Top 50 Cybersecurity Threats" report:

Account Takeover

Account takeovers can occur when a bad actor poses as an actual employee, user or customer to gain unauthorized access to the network. Malicious "one-click" apps, brute force attacks, phishing and other malware are some of the methods hackers often employ. 

Organizations should implement access control technologies like multifactor authentication (MFA) and adopt a "zero-trust" security strategy for devices internal and external to the organization as well as access to all resources, Splunk advised in its report. 

Advanced Persistent Threat (APT) 

An advanced persistent threat is when a bad actor breaks in, avoids detection, and obtains information on a computer system or network. While Splunk points out that APTs are often politically motivated, they do happen to businesses and are used by hackers to steal data or intellectual property. 

Amazon Web Services (AWS) Attacks

While Amazon says it is responsible for security outside of a virtual machine, AWS customers are responsible for security inside an S3 container. Splunk cited one example of a digital marketing company that failed to password protect its Amazon S3 bucket, causing a leak of 50,000 files including full names, locations, email addresses and phone numbers of its clients. 

Staying vigilant about any suspicious activity inside your AWS environments and monitoring and controlling who has access to the AWS infrastructure are ways to help keep cloud computing safe. 

Application Access Token 

Bad actors can use REST APIs to perform acts like email searches with an OAuth access token, Splunk said. These tokens are usually stolen from users and allow hackers to bypass the authentication process and gain access to restricted accounts, information or services on remote systems.

Brute Force Attack  

While certainly not a new security threat, brute force attacks are on the rise with Microsoft recording an uptick in brute force attacks involving Remote Desktop Protocol, Splunk said in its report. Exposed endpoints and weak passwords can allow threat actors to carry out a successful brute force attack.

Business Email Compromise 

Business Email Compromise (BEC) has also been on the rise, particularly post-COVID with the increase in video calls. Hackers will trick victims into paying fraudulent, yet credible-looking bills and invoices. They will mimic an organization's suppliers, employees or business partners. Using malware, hackers can gain access to messaging systems and send fake messages through phishing campaigns, for instance, to convince victims to transfer large sums of money. 

Cloud Cryptomining 

In a cryptomining attack, hackers can steal a cloud instance, often spinning up "hundreds" of new instances, potentially creating "astronomical" cloud computing costs for an unsuspecting organization. While Splunk says it's difficult to determine how widespread cryptomining attacks have become with the massive use of cloud computing platforms, companies should stay vigilant. Monitoring for new cloud instances or a high number of instances are some ways to stay protected.
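The monitoring described above can be expressed as detection logic over cloud audit logs. The following is an added example, not from the article or Splunk's report: it counts instances launched per identity in a sliding window over constructed CloudTrail-style `RunInstances` records; the window, threshold, account ID and user names are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
THRESHOLD = 20                   # assumed max instances per identity per window


def detect_launch_bursts(events, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per identity whose launches within `window` exceed `threshold`."""
    recent = defaultdict(deque)  # identity -> (time, instance count) pairs in the window
    totals = defaultdict(int)    # identity -> instances launched inside the window
    alerted, alerts = set(), []
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        if ev.get("eventName") != "RunInstances" or ev.get("errorCode"):
            continue             # skip other API calls and failed launches
        who = ev["userIdentity"]["arn"]
        when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        items = (ev.get("responseElements") or {}).get("instancesSet", {}).get("items", [])
        recent[who].append((when, len(items)))
        totals[who] += len(items)
        while when - recent[who][0][0] > window:   # evict launches older than the window
            totals[who] -= recent[who].popleft()[1]
        if totals[who] > threshold and who not in alerted:
            alerted.add(who)
            alerts.append({"principal": who, "instances": totals[who],
                           "region": ev["awsRegion"], "at": ev["eventTime"]})
    return alerts


def _run(arn, time, region, n):
    """Build a constructed CloudTrail-style RunInstances record (sample data)."""
    ids = [{"instanceId": f"i-example{k:04d}"} for k in range(n)]
    return {"eventName": "RunInstances", "eventTime": time, "awsRegion": region,
            "userIdentity": {"arn": arn},
            "responseElements": {"instancesSet": {"items": ids}}}


ALICE = "arn:aws:iam::111122223333:user/dev-alice"   # constructed identities
BOT = "arn:aws:iam::111122223333:user/build-bot"
SAMPLE_EVENTS = [
    _run(BOT, "2024-04-01T09:00:00Z", "us-east-1", 2),         # routine build activity
    _run(BOT, "2024-04-01T13:00:00Z", "us-east-1", 2),
    _run(ALICE, "2024-04-01T02:00:00Z", "ap-southeast-1", 8),  # burst across regions
    _run(ALICE, "2024-04-01T02:03:00Z", "ap-southeast-1", 8),
    _run(ALICE, "2024-04-01T02:06:00Z", "eu-west-1", 8),
]

if __name__ == "__main__":
    for alert in detect_launch_bursts(SAMPLE_EVENTS):
        print(alert)
```

A fixed threshold is the simplest form of this check; in practice it is tuned per identity against that identity's normal launch volume.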

Command and Control Attack 

A command and control attack is when a hacker takes over a computer and sends commands or malware to other systems on the network. According to Splunk's report, these attacks increased by 30% in 2022.

Also known as C2 or C&C attacks, hackers usually gain access to the network through phishing emails that contain installable malware. 

Masquerade Attacks  

Masquerade attacks happen when threat actors use forged or stolen user credentials or gain access to a vulnerable machine or device. That access appears legitimate and can give attackers a pathway into an organization's entire network.

Hackers set up these attacks through various methods including spoofing login domains or using keyloggers. They don't require sophisticated technology either; an ill-intentioned employee could gain access to someone's unlocked and unprotected laptop. 

Shadow IT

With SaaS applications becoming commonplace on user devices, shadow IT attacks have also become more common, Splunk's report noted. Typically, an employee meaning no harm will inadvertently download some application for productivity or work-related reasons. These shadow applications can open "the floodgate for insider threats, data breaches and compliance violations." 

You can download Splunk's full list for threats to watch in 2024 here

 
