Between July and December 2024, Mimecast processed more than 90-billion data points for over 42 000 customers.
During that time, 5-billion threats were detected, with attackers targeting core communication channels such as emails and cloud platforms, writes Brian Pinnock, EMEA vice-president: sales engineering at Mimecast.
The study finds that 68% of breaches were linked to human error, with most breaches involving non-malicious employee mistakes, emphasising the ongoing need for tailored cybersecurity training.
Twelve percent of the attacks were via AI-written emails, as attackers use AI-driven tools to enhance phishing attempts and other malicious activities.
Cybersecurity threats are becoming increasingly advanced, with attackers leveraging new tools and strategies to infiltrate organisations.
Mimecast’s H2 2024 Global Threat Intelligence Report sheds light on the following critical trends and offers actionable recommendations for safeguarding organisations:
- Living Off Trusted Services – The report highlights a concerning trend of cybercriminals using trusted platforms like Microsoft and Google to evade defenses and distribute malware or phishing attacks — an approach known as “Living Off Trusted Services” (LOTS). This evolution signals the need for robust security measures that go beyond traditional defenses.
- Malware and ransomware surge – Malware detection in Sub-Saharan Africa surged by 42% in December 2024, significantly higher than the same period in the previous year. The surge was largely driven by political instability and increased online shopping. Additionally, the region is witnessing a rise in ransomware attacks, which are becoming more opportunistic, often exploiting vulnerabilities and delivered as secondary infections.
- Industry-focused attacks – Certain sectors faced higher cyber-attack risks, with cyber actors targeting industries in various ways. The arts, entertainment, and recreation sector was primarily attacked through malicious file attachments, while media and publishing companies fell victim to embedded malicious links. Legal firms faced a surge in impersonation attacks, and software and SaaS providers were impacted by deceptive impersonation attempts. These diverse attack patterns highlight the importance of tailoring cybersecurity defenses to address an organisation’s specific threat profile.
- Geopolitics driving cybercrime – Geopolitical tensions are fueling cybercrime, as nation-state sponsored attacks and politically motivated intrusions become more frequent. Examples include: US infrastructure targeted by China’s cyber espionage; the Russia-Ukraine war fueling cyber activities on both sides, with potential spillover to other areas; and Iran-Israel tensions escalating attacks further. Businesses operating in adjacent regions and industries need heightened awareness and preventive measures to avoid collateral damage.
- 68% of breaches involve a human element – Human error remains a challenge, with 68% of breaches involving a human element. Employees click phishing links, fall for deepfake scams, or mistype sensitive information, leading to vulnerabilities. According to the Verizon Data Breach Investigations Report, 2024, 34% of employees fear they might cause a breach despite growing awareness. This highlights the necessity of regular training programs aimed at minimising risks through education and vigilance.
- AI’s dual role in cybersecurity – Artificial intelligence is reshaping both attack and defense strategies in cybersecurity. While defenders use AI to detect threats and anomalies in real time, attackers are also turning to AI tools for writing grammatically impeccable phishing emails, creating deepfakes to exploit trust, and automating large-scale cyber operations.
Organisations must integrate advanced AI defenses to match the sophistication of AI-powered threats.
To protect against these threats, businesses should adopt the following strategies:
- Implement advanced AI solutions: Use AI to enhance detection, response, and threat mitigation systems.
- Strengthen authentication measures: Technologies like SPF, DKIM, and DMARC remain critical for defense against impersonation attacks.
- Regular employee training: Consistent education on identifying phishing emails and malicious links can significantly reduce human error.
- Vet third-party vendors: Assess the cybersecurity practices of vendors to mitigate risks from potential entry points.