Security vendor Sophos have published their 2024 threat report, 'Cybercrime on Main Street', that combines the data observed over 2023 with forecasting and predictions for the threat landscape of 2024. They state that while ransomware remains the top cyber threat , others are growing.
The Sophos report focuses on small to medium businesses as these tend to be the most frequent targets of cyber-crimes. This is likely due to the mixture of small businesses not being able to afford sufficient cyber defences, not being able to withstand the financial and reputation pressure cyber criminals can apply and generating enough revenue to still be profitable targets for threat actors.
The report touches on key threats, one being threat actors' transition away from simple social engineering towards more active engagement. This is likely due to the way that phishing defences are implemented; a never before seen email address attempting to send an unknown link or file to an internal user is likely to be flagged as suspicious or malicious on security controls.
However, by moving towards active engagement, a threat actor may reignite an old email chain with a compromised email address, bypassing the suspicion of a never before seen address.
Furthermore they are likely to maintain a text based conversation with the target for longer before presenting a malicious file or link.
With rapport building through compromised email chains, it can be harder for individuals to know if an attachment or link is safe, increasing the likelyhood of successful compromise.
Another key threat identified is the increasing abuse of drivers. At a basic level, a driver is a software component that allows a device's operating system to communicate with the device's hardware.
When an application needs to collect data from the hardware the request will go Application -> OS -> Driver -> Hardware. Drivers are an attractive threat vector as they can have a high level of access into a target device and are monitored less diligently compared to vulnerable application and vulnerable operating systems, allowing threat actors to compromise systems while evading defences.
The report emphasises that in the vast majority of cases, data is the prime target. It paves the way for threat actors to commit ransomware attacks, data extortion, remote access persistence, or data theft.
Reporting
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).