HERNDON, VA (BUSINESS WIRE) Expel, the leading managed detection and response (MDR) provider, today released the Expel Annual Threat Report 2024: cybersecurity insights, resilience recommendations, and predictions. Now in its third iteration, the findings in this report analyze patterns and trends the Expel security operations center (SOC) and threat intelligence team investigated throughout 2023 and translates them into actionable, strategic guidelines for operators and organizations in any industry.
“While data drives the trends detailed in this report, it is the intuition that human teams bring to the fight that makes this resource so valuable,” said Daniel Clayton, VP, Security Operations at Expel. “We know that our analysts, empowered by the right technology and effective processes, bring a level of unparalleled expertise to the table that allow them to protect diverse and varied customers. We hope the intel in this report helps other operators, as collaborative information sharing is the best weapon we have to improve security operations and topple our common adversaries.”
Here are some highlights from the report:
- Identity threats dominate three years in a row. Identity-based incidents accounted for 64% of all incidents our SOC investigated—a volume increase of 144% from 2022 to 2023. Sixty-nine percent of identity-based incidents involved malicious logins from suspicious infrastructure, which are hosting providers or proxies that aren’t expected for a user or organization—a trend we’ve noted in past years and one we expect to continue.
- Cloud infrastructure incidents trend up, with secret (stolen or leaked credentials) exposure as the biggest and most frequent risk. The Expel SOC noted a 72% increase in cloud infrastructure incidents, roughly consistent with what we saw in the previous year and continuing the upward trend since we began support for cloud infrastructure. Ninety-six percent of those incidents occurred in Amazon Web Services (AWS), and the remaining 4% were split evenly between Google Cloud Platform (GCP) and Microsoft Azure. While fewer of our cloud customers use GCP and Azure, this skew is also likely due to more AWS security research and auditing tools available for attackers to abuse.
- More than half of all malware incidents presented an immediate, significant risk. Pre-ransomware accounted for 57% of the malware incidents our SOC investigated. The most frequent malware cases that we classified as pre-ransomware—Gootloader (17%), Qakbot (12%), and SocGholish (11%)—were also the top pre-ransomware threats we reported on in both 2021 and 2022. The skilled actors behind these threats have been active for a while, and they aren’t slowing down.
- The rise of QR code phishing: Expel analysts noted a rise in the abuse of QR codes for phishing in 2023. With a URL, a user can visit the malicious domain using the org’s endpoint, giving operators the opportunity to block connections using multiple technologies. However, with a QR code, the activity moves off the workstation and onto the user’s mobile device—making this an attractive technique for attackers.
“Expel’s operators face off against some of the most sophisticated cyber threats across industries, granting them front-line visibility into how these attacks and attackers constantly shift and evolve,” said Dave Merkel, co-founder and CEO at Expel. “It’s our responsibility to share the knowledge gleaned from our analysts’ daily experiences with the larger security community as we fight the good fight, together.”
For each of the attack trends, we delve into what our SOC observed in 2023, how to detect and protect against these threats, and predictions for what’s on the horizon for 2024 and beyond.
Download Expel Annual Threat Report 2024: cybersecurity insights, resilience recommendations, and predictions to learn more.
About Expel
Expel helps companies of all shapes and sizes minimize business risk. Our technology and people work together to make sense of security signals—with your business in mind—to detect, understand, and fix issues fast. Powered by our security operations platform, Expel offers managed detection and response (MDR), remediation, phishing, vulnerability prioritization, and threat hunting. For more information, visit our website, check out our blog, or follow us on LinkedIn.
