Each year, when the Global Threat Reports roll out, it’s a great opportunity to spot trends in Information Security. I enjoy the different perspectives from the various organizations that produce these reports, since each has its own insights and telemetry.
This year I wanted to highlight two reports in particular.
Elastic’s 2024 Global Threat Report
Microsoft’s 2024 Digital Defense Report
A brief outline and all the links mentioned or used in this post are below.
Topics Discussed:
Blurred Lines Between Nation-State and Cybercriminal Activities
How state-sponsored actors, including those from North Korea and Iran, increasingly adopt criminal tactics for financial gain, with North Korea using cybercrime to fund its nuclear and missile programs.
Generative AI and Its Role in Cyber Threats
A deep dive into the uses of generative AI by both defenders and attackers, including the development of sophisticated phishing scams, influence operations, and automated malware production.
Commodity Malware and Open-Source Tools
The use of off-the-shelf hacking tools like Cobalt Strike and Sliver, which simplify cyber operations for threat actors. Josh explores how these tools blur the line between advanced and lower-skill attacks.
Social Engineering and AI-Powered Phishing
Insights from the reports show how generative AI enables more tailored and realistic phishing campaigns, amplifying the effectiveness of social engineering at scale.
State-Backed Influence Operations via AI
Case studies of AI-driven influence campaigns, including Russia’s deepfake audio tactics in Slovakia and China’s misinformation campaigns, demonstrate AI’s role in sowing discord and manipulating public perception globally.
Links and Resources:
https://www.elastic.co/resources/security/report/global-threat-report
https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024
https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse
https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine
https://malpedia.caad.fkie.fraunhofer.de/details/win.sliver
https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/
https://attack.mitre.org/groups/G0138/
https://learn.microsoft.com/en-us/defender-xdr/microsoft-threat-actor-naming
https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/
https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-048a
https://cloud.google.com/blog/topics/threat-intelligence/apt42-charms-cons-compromises
https://www.reuters.com/world/us/accused-iranian-hackers-successfully-peddle-stolen-trump-emails-2024-10-25/
https://www.reuters.com/world/us-issues-iran-related-sanctions-over-election-interference-2024-09-27/
https://www.npr.org/2023/09/28/1202110410/how-rumors-and-conspiracy-theories-got-in-the-way-of-mauis-fire-recovery
https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html
https://securityintelligence.com/articles/malicious-ai-worm-targeting-generative-ai/
https://cert.gov.ua/article/6278521
https://cloud.google.com/blog/topics/threat-intelligence/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor