In 2024, threat actors prioritised stealth and efficiency, leveraging simpler techniques rather than custom malware or zero-day vulnerabilities.

Notably, identity-based attacks emerged as the dominant threat vector, while ransomware incidents increasingly exploited valid credentials to gain access.

These are among the top-level findings from the Cisco Talos 2024 Year in Review, which shares strategic insights into the evolving global cybersecurity landscape.

The report, based on telemetry from over 46 million global devices across 193 countries and regions, including the Middle East and Africa, analyses the most significant trends in threat actor behaviour, including identity attacks, ransomware, network vulnerabilities, and the role of artificial intelligence (AI) in cyber threats.

Fady Younes, MD for cybersecurity at Cisco Middle East, Africa, Türkiye, Romania and CIS, comments: “The findings from Cisco Talos’ 2024 Year in Review highlight the critical need for a solid cybersecurity foundation. Cybercriminals are continually taking advantage of security gaps, demonstrating the essential nature of a proactive, identity-focused defence strategy.

“And, with the emergence of remote and hybrid working models, implementing a zero-trust network access (ZTNA) strategy is key to ensure that the correct security controls are in place while enhancing end-user experience. By staying aware of these evolving tactics, organisations can reinforce their security measures and more effectively shield themselves from new and emerging threats.”

To strengthen cybersecurity and protect against emerging threats, Cisco Talos shares five key recommendations: promptly install updates and patches; enforce strong authentication methods; implement best practices such as strict access controls, network segmentation, and employee training; encrypt all traffic for secure monitoring and configuration; and apply all security measures across the network infrastructure. By adopting these practices, organisations can build a more resilient security posture.

Top threats observed in 2024 include:

  • Identity-based attacks: These attacks accounted for 60% of all Cisco Talos Incident Response (IR) cases, with Active Directory identified as a prime target, representing 44% of such incidents. Additionally, 20% of identity-based compromises affected cloud applications, with APIs being particularly attractive due to their access to sensitive data.
  • Ransomware tactics: Last year, ransomware attacks continued to impact organisations globally, with attackers using valid accounts for initial access in nearly 70% of cases. Many ransomware operators successfully disabled security solutions, while the education sector was the most targeted industry due to budget constraints and extensive attack surfaces. In addition, LockBit remained the most active ransomware-as-a-service (RaaS) group for the third consecutive year, despite increased law enforcement efforts.
  • Exploitation of network vulnerabilities: A major concern in 2024 was the persistent exploitation of older vulnerabilities, particularly those affecting widely used software and hardware. Many of the top-targeted network vulnerabilities impacted end-of-life (EOL) devices that no longer receive patches yet remain actively targeted by cybercriminals. The most frequently targeted vulnerabilities were older CVEs that have been public for several years.
  • Multi-factor authentication (MFA) abuse: MFA abuse was another prevalent attack vector during the year. Based on Cisco Duo data, identity and access management (IAM) applications were the most frequently targeted in MFA attacks, accounting for nearly a quarter of related incidents. This highlights the critical need for robust MFA implementations and vigilant monitoring of IAM systems.
  • AI-refined cyber threats: Despite industry speculation regarding AI-driven cyber threats, the report found that threat actors primarily used AI to refine existing techniques. Enhancements in social engineering tactics and task automation were the primary applications of AI, rather than the development of entirely new methods of attack.