In 2024 the threat landscape kept evolving rapidly: zero-day exploitation became more frequent and more sophisticated, and collaboration between nation-states and cybercriminal groups became entrenched. Both trends raised the bar for security teams defending against persistent attackers. Looking back at the events that defined the year yields tactical lessons that can help those teams stay ahead in 2025.
Surging Zero-Day Exploits and Nation-State Collaboration
Zero-day exploitation rose noticeably in 2024, continuing a year-over-year trend. Mandiant's analysis of time-to-exploit data found that of 138 vulnerabilities exploited in the wild in 2023, the majority (97, roughly 70%) were exploited as zero-days, before a patch was available, an increase over the previous year. Tom Kellermann, senior vice president of cyber strategy at Contrast Security, anticipated that this trend would continue to grow in 2024.
The escalation in zero-day attacks is attributed to geopolitical tensions, particularly with nation-state actors like China leading the charge in exploiting vulnerabilities at unprecedented rates. According to Kellermann, the Chinese government has invested significantly in researching and exploiting zero-days, posing a challenge for traditional cybersecurity defenses.
A second trend surfaced in 2024: nation-states and cybercriminal rings coordinating attacks. Russia and China were both observed working with cybercrime groups to advance geopolitical objectives, which blurs the line between financially motivated and state-directed intrusions. The practical response is the same on both fronts: proactive patch management that prioritizes vulnerabilities known to be exploited, close collaboration with vendors on fixes, and organizational readiness to contain an intrusion when no patch yet exists.
Resiliency Planning Needs More Focus
Ransomware attacks in 2024 exposed weaknesses in supply chains and business continuity planning. The cyberattack on Ahold Delhaize disrupted operations across its US supermarket chains, affecting thousands of stores and their customers. To limit operational disruption during such incidents, businesses need stronger resiliency planning, including modern network segmentation so that the compromise of one system or site cannot spread across the whole estate.
Another significant event in 2024 was the CrowdStrike outage, caused by a faulty Falcon sensor content update that crashed millions of Windows hosts worldwide. The incident underscored the importance of disciplined release processes (staged rollouts and pre-deployment testing) and of visibility into exactly what is deployed where, so that teams can identify and recover affected systems quickly. Dror Liwer, co-founder of Coro, emphasized the need for effective communication among stakeholders when managing large-scale incidents.
Critical Infrastructure Is a Growing Target
The year 2024 witnessed an increase in cyberattacks targeting critical infrastructure, with notable incidents affecting governmental water systems and airport landing systems. Attackers shifted their focus from well-protected facilities to vulnerable upstream systems, posing a significant challenge for securing operational environments. Barry Mainz, CEO of Forescout, highlighted the complexities and vulnerabilities associated with industrial systems, emphasizing the need for advanced monitoring tools and collaboration between IT and OT teams.
Mainz stressed the importance of investing in cybersecurity strategies for both IT and operational technology systems to address the unique security requirements of critical infrastructure. Collaborations between government and private-sector entities are crucial in enhancing defenses against escalating threats to critical services.
Telecom Can’t Be Trusted
As 2024 concluded, reports surfaced that the Salt Typhoon cyber-espionage group, allegedly linked to the Chinese government, had infiltrated telecommunications networks around the world. In the US, major carriers including AT&T, Verizon, and Lumen Technologies were compromised. The intruders reportedly accessed customer call-record metadata, the private communications of a small number of government and political figures, and the systems carriers use to fulfill court-ordered lawful-intercept requests. FBI and CISA officials recommended using end-to-end encrypted messaging and calling apps, so that communications remain protected even when the carrier network itself is compromised.
Looking ahead to 2025, Tom Kellermann expressed concern that nation-state attackers would keep exploiting vulnerabilities in telecom networks. He flagged T-Mobile's acquisition of Sprint as a red flag, since Sprint formerly served as the classified backbone network for the US government. Fixing security weaknesses in telecom infrastructure will take a proactive, sustained effort; in the meantime, organizations should treat carrier networks as untrusted transport and encrypt sensitive communications end to end.
In conclusion, the events of 2024 underscore how quickly the threat landscape shifts and why defensive strategies must keep adapting and building resilience. By applying the tactical lessons of the past year, security teams can put themselves in a better position to stay ahead of attackers in 2025 and beyond.
