Trends in Cyber Threats and Vulnerabilities
The cyber threat landscape in 2024 was shaped by evolving attack methods and persistent vulnerabilities, with many incidents exploiting the interconnectedness of third-party relationships. As organizations increasingly rely on third-party vendors, attackers have adapted their strategies to exploit these dependencies, leading to cascading risks across industries.
This section highlights four key trends that dominated the threat landscape: unauthorized network access, ransomware campaigns leveraging third-party vectors, software vulnerabilities, and credential misuse.
Distribution of Attack Methods that Caused Data Breaches on Third Parties
Note: The analysis and ratios presented in this section are based on publicly disclosed data breaches. Operational disruptions without associated data breaches are not included.
Interestingly, among the known attack methods, ransomware stands out as the dominant threat, accounting for 66.7% of these attacks.
Unauthorized Network Access
Unauthorized network access remained a dominant threat in 2024, accounting for 51.7% of publicly disclosed third-party breaches. However, the term "unauthorized network access" is often used as a catch-all explanation when organizations either lack clarity on the root cause of an attack or choose not to disclose specific details. This ambiguity can obscure the true nature of vulnerabilities being exploited, whether they stem from misconfigurations, credential misuse, or unpatched systems.
One of the primary challenges in addressing unauthorized access is the lack of visibility and transparency within third-party networks. Organizations frequently depend on vendors to secure their environments, but insufficient oversight leaves significant gaps that attackers readily exploit. For example, several breaches this year stemmed from unauthorized access to cloud environments managed by third-party providers, highlighting the systemic risks of relying on external vendors without stringent monitoring.
The persistence of unauthorized access incidents underscores the need for improved identity and access management practices, such as implementing least privilege access, multi-factor authentication (MFA), and continuous monitoring of third-party systems. Organizations must also prioritize regular audits of vendor security controls to mitigate these risks effectively. Additionally, fostering a culture of transparency in incident reporting can help organizations and stakeholders better understand and address the underlying causes of such breaches.
Ransomware
Ransomware remained one of the most disruptive cyber threats in 2024, accounting for 66.7% of known attack methods. Third-party vendors were frequently used as entry points to infiltrate larger ecosystems, enabling attackers to create cascading disruptions that affected multiple organizations downstream.
The rise of ransomware-as-a-service (RaaS) and affiliate-driven models further fueled this trend, allowing less technically skilled actors to deploy sophisticated ransomware campaigns. In many cases, attackers exploited vulnerabilities in widely adopted tools like Cleo’s Managed File Transfer (MFT) solutions and other supply chain software to gain access to sensitive data and operational systems.
Key incidents included the Blue Yonder ransomware attack, which disrupted major retailers by targeting supply chain operations, and the Cleo exploitation, which caused widespread delays and operational inefficiencies across logistics and manufacturing sectors. These incidents underscored the systemic risks of ransomware attacks when third-party vendors are involved.
To mitigate ransomware threats, organizations must adopt a proactive approach that includes robust patch management, network segmentation, and comprehensive backup strategies. Additionally, conducting regular threat simulations and ensuring third-party vendors adhere to stringent security standards can significantly reduce the risks associated with ransomware campaigns.
Software Vulnerabilities
Software vulnerabilities continued to pose significant risks in 2024, including the exploitation of zero-day vulnerabilities [1]. According to industry reports, the first half of 2024 alone saw 53 zero-day vulnerabilities identified and actively exploited [2]. In 2023, Google's Threat Analysis Group and Mandiant tracked 97 zero-day vulnerabilities, marking a 56% increase compared to the previous year. These vulnerabilities predominantly affected internet-facing network devices, operating systems, and widely used applications, underscoring the continued reliance of attackers on unpatched or misconfigured systems.
[1] It's important to note that the term "zero-day" refers to vulnerabilities that are exploited by attackers before the vendor becomes aware and issues a patch.
[2] VulnCheck, State of Exploitation, Aug 2024
Prominent incidents included the exploitation of Cleo’s Managed File Transfer (MFT) solutions and Snowflake’s cloud-based platform, where known vulnerabilities were leveraged due to delayed patch adoption. These examples demonstrate how attackers capitalize on organizations’ failure to promptly address critical flaws in widely used third-party tools.
To address the challenges posed by software vulnerabilities, organizations must adopt robust vulnerability management practices. Strategies such as automated patch management, continuous vulnerability assessments, and collaboration with vendors to expedite remediation efforts are essential. Additionally, prioritizing vulnerabilities based on their potential business impact and integrating threat intelligence into risk management workflows can significantly reduce the likelihood of exploitation and enhance overall resilience against software-related threats.
Credential Misuse
Credential misuse emerged as a growing avenue for data breaches in 2024, with attackers leveraging stolen, weak, or reused credentials to gain unauthorized access to systems. Public data breaches and credential dumps on dark web marketplaces provided a steady supply of compromised credentials, enabling attackers to bypass traditional security measures and infiltrate networks.
Key incidents demonstrated how credential misuse facilitated both direct breaches and lateral movement within compromised networks. For example, attackers often combined credential misuse with social engineering tactics to trick users into divulging sensitive information or to bypass multi-factor authentication (MFA) defenses.
The rise of automated tools for credential stuffing and brute force attacks further exacerbated this trend. These tools allowed attackers to test large volumes of credentials rapidly, exploiting accounts that lacked strong password policies or MFA.
To combat credential misuse, organizations must implement comprehensive password management policies, enforce MFA for all users, and monitor for suspicious login activities. Regularly educating employees on the dangers of phishing and social engineering is also critical to reducing the effectiveness of these attacks. Furthermore, integrating dark web monitoring to identify compromised credentials can provide early warnings and help organizations take preemptive action to secure their accounts.
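As an added illustration of "monitor for suspicious login activities" (example code, not part of the original report), the sketch below separates credential stuffing from brute force in authentication events and flags a non-MFA success that follows a spray. The log format, thresholds, and all names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are assumptions for illustration; tune them to your own baseline.
WINDOW = timedelta(minutes=5)
STUFFING_MIN_USERS = 4  # distinct accounts failing from one source within WINDOW
BRUTE_MIN_FAILS = 5     # failures against one account from one source within WINDOW

# Constructed sample events: "<time> <source IP> <user> <OK|FAIL> <mfa|nomfa>"
SAMPLE_LOG = """\
2024-11-02T10:00:01 198.51.100.7 alice FAIL nomfa
2024-11-02T10:00:02 198.51.100.7 bob FAIL nomfa
2024-11-02T10:00:03 198.51.100.7 carol FAIL nomfa
2024-11-02T10:00:04 198.51.100.7 dave FAIL nomfa
2024-11-02T10:00:05 198.51.100.7 erin OK nomfa
2024-11-02T10:01:00 203.0.113.9 frank FAIL nomfa
2024-11-02T10:01:05 203.0.113.9 frank FAIL nomfa
2024-11-02T10:01:10 203.0.113.9 frank FAIL nomfa
2024-11-02T10:01:15 203.0.113.9 frank FAIL nomfa
2024-11-02T10:01:20 203.0.113.9 frank FAIL nomfa
2024-11-02T10:02:00 192.0.2.44 grace FAIL mfa
2024-11-02T10:02:20 192.0.2.44 grace OK mfa
"""

def parse(log):
    for line in log.splitlines():
        ts, ip, user, result, mfa = line.split()
        yield datetime.fromisoformat(ts), ip, user, result == "OK", mfa == "mfa"

def detect(log):
    """Return sorted (kind, source_ip, account) findings."""
    fails = defaultdict(list)  # ip -> [(time, user)] failures still inside WINDOW
    findings = set()
    for ts, ip, user, ok, mfa in sorted(parse(log)):
        recent = [(t, u) for t, u in fails[ip] if ts - t <= WINDOW]
        users = {u for _, u in recent}
        if ok:
            # Non-MFA success right after a spray: a tested pair was probably valid.
            if not mfa and len(users - {user}) >= STUFFING_MIN_USERS:
                findings.add(("possible_takeover", ip, user))
        else:
            recent.append((ts, user))
            users.add(user)
            if len(users) >= STUFFING_MIN_USERS:
                findings.add(("credential_stuffing", ip, "*"))
            if sum(u == user for _, u in recent) >= BRUTE_MIN_FAILS:
                findings.add(("brute_force", ip, user))
        fails[ip] = recent
    return sorted(findings)
```

Calling `detect(SAMPLE_LOG)` reports the spray from 198.51.100.7, the follow-on login as erin, and the repeated failures against frank, while the MFA-protected retry by grace produces no finding.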