10 common cybersecurity threats & attacks (2024 update)
10.5 trillion dollars. That’s the projected annual cost of global cybercrime by the year 2025. But cybercriminals are constantly sharpening their skills and honing new attacks, so the actual cost could easily be higher.
You need to attack potential digital threats from many angles. Remaining up to date on industry trends and the latest hacker tactics, techniques, and procedures (TTPs) is one of the simplest things you can do to stay protected.
But you need to know just what you’re up against. We have compiled a list of the 10 most common cybersecurity threats you will face in 2024 and what you can do to protect against them.
The impact of cybersecurity attacks in 2023
Navigating the world of common cyberthreats is becoming increasingly complex. Based on our data, the total number of ransomware sightings we observed in 2023 increased by 94% over 2022, suggesting a more or less constant stream of attempted attacks. Combined with the increase in remote work, it’s easy to see that there’s no shortage of opportunities for digital threat actors.
Cybersecurity lessons from 2023
Human error was recognized as one of the biggest threats to cybersecurity in 2023. Brad LaPorte, a partner at HighTide Advisors, predicts that by 2025, 99% of data breaches will be caused by a misconfiguration of settings or installation by an end user—meaning most common cyberthreats of the future may be avoidable with proper employee education.
In the managed service provider (MSP) world, we also noticed that providers overall are going to need to do more in terms of cybersecurity going forward for themselves and their clients. These steps include things such as consolidating your tools and resources, and leveraging third-party expertise to manage complexities and augment capabilities.
2023’s cyberthreat landscape is still relevant in 2024. While you must remain flexible and ready to respond to novel threats, MSPs should also establish a structured plan for what to do after an attack. First perform a cybersecurity risk assessment, then develop the right cybersecurity framework for your business.
Cybersecurity threats and attacks in 2024
Protecting our constantly connected devices and monitoring malicious mobile attacks are just the tip of the iceberg. MSPs should be wary of a wide range of hacker TTPs that will continue to be common in 2024. Here are the 10 top cybersecurity threats to watch out for:
1. Vulnerabilities
In 2023, 26,447 vulnerabilities were assigned a Common Vulnerabilities and Exposures (CVE) number in the National Vulnerability Database, surpassing 2022 by over 1,500 CVEs. Each of these represents an actively exploited vulnerability that MSPs need to be aware of.
Recent critical vulnerabilities found in Microsoft Exchange servers are among some of the most prominent examples. These vulnerabilities, known as ProxyLogon, were actively exploited by an APT known as HAFNIUM, and several new vulnerabilities have since been discovered in Microsoft Exchange.
Though many MSPs have made the transition to Microsoft 365 for their clients, those still supporting on-premises Exchange need to pay close attention to these vulnerabilities, as a compromised Exchange server can be catastrophic for an organization.
In addition to vulnerabilities in Exchange servers, a new phishing technique has emerged that is designed to bypass the default behavior for handling VBA macros in Microsoft Office documents downloaded online, using LNK files. These files are simple to craft, appear innocuous, allow arbitrary execution, and can bypass many of the defenses found in Office documents.
While there is no direct mitigation for protecting against malicious LNK files, MSPs can take steps to protect against some delivery vectors and limit options for execution, such as email restrictions, blocking disk image files from automatically mounting, and enacting application controls. In addition, user education and network design using the principle of least privilege and zero trust can help reduce the overall attack surface.
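One way to apply the email restriction described above is to inspect attachments by content as well as by name, since a shortcut can be renamed or tucked inside an archive. The sketch below is an added example, not part of the original article or any vendor product; the function names, the blocked-extension list, and the size and nesting limits are assumptions chosen for illustration.

```python
import io
import zipfile

# Shell Link (.lnk) header: HeaderSize 0x4C followed by the LinkCLSID bytes
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
# ISO 9660 volume descriptor identifier "CD001" sits at byte offset 0x8001
ISO_MAGIC, ISO_OFFSET = b"CD001", 0x8001
# Assumed policy for this example: block shortcuts and disk images
BLOCKED_EXT = {".lnk", ".iso", ".img", ".vhd", ".vhdx"}
MAX_DEPTH = 3                        # limit on archives nested in archives
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # refuse to inflate oversized members

def classify(name, data):
    """Return the policy violations for one file, judged by name and content."""
    reasons = []
    lowered = name.lower().rstrip(". ")  # Windows ignores trailing dots/spaces
    ext = "." + lowered.rsplit(".", 1)[-1] if "." in lowered else ""
    if ext in BLOCKED_EXT:
        reasons.append(f"blocked extension {ext}")
    if data.startswith(LNK_MAGIC):
        reasons.append("Shell Link header")
    if data[ISO_OFFSET:ISO_OFFSET + 5] == ISO_MAGIC:
        reasons.append("ISO 9660 image")
    return reasons

def scan_attachment(name, data, depth=0):
    """Return (path, reason) findings, descending into ZIP archives."""
    findings = [(name, r) for r in classify(name, data)]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    if depth >= MAX_DEPTH:
        return findings + [(name, "archive nesting too deep")]
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = f"{name}!{info.filename}"
            if info.flag_bits & 0x1:
                findings.append((path, "encrypted member, cannot inspect"))
            elif info.file_size > MAX_MEMBER_BYTES:
                findings.append((path, "member too large to inspect"))
            else:
                findings += scan_attachment(path, zf.read(info), depth + 1)
    return findings

def build_sample():
    """Constructed input: a ZIP with a renamed shortcut and a disk image name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", b"quarterly numbers attached")
        zf.writestr("invoice.pdf", LNK_MAGIC + b"\x00" * 56)  # LNK bytes, PDF name
        zf.writestr("photos/trip.iso", b"\x00" * 64)          # matched by name only
    return buf.getvalue()

if __name__ == "__main__":
    for path, reason in scan_attachment("order.zip", build_sample()):
        print(f"{path}: {reason}")
```

A mail gateway hook would quarantine any message for which `scan_attachment` returns findings; encrypted or oversized members are reported rather than skipped so that uninspectable content does not pass silently.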
Another major area of vulnerability is Internet of Things (IoT) devices with inherent vulnerabilities that cybercriminals can exploit to gain access to the device or its data, but we will address those specifically later on.
2. Business email compromise
Business emails can be compromised by cyberthreats in several ways, including:
- Phishing: Cybercriminals can use phishing emails to trick employees into divulging sensitive information, such as login credentials or financial information. These emails may appear to be from a trusted source, such as a bank or a supplier, and may use social engineering techniques to persuade the recipient to take action.
- Malware: Cybercriminals can use malware, such as viruses or trojans, to infect a user’s computer and gain access to their email accounts. Once the malware is installed, it can steal login credentials or capture sensitive information from the user’s computer.
- Social engineering: This type of cybersecurity attack tricks employees into divulging sensitive information or granting access to their email accounts. This can include impersonating an executive or IT administrator or creating a fake login page that appears to be legitimate.
- Weak passwords: If employees use weak, reused, or easily guessable passwords, cybercriminals can use brute-force attacks to guess the password and gain access to the email account.
Once cybercriminals gain access to a business email account, they can use it to send phishing emails or other types of spam, steal sensitive information, or use the account to launch attacks against other employees or the company’s systems. To protect against these threats, businesses should:
- Train employees on how to identify and avoid phishing emails
- Insist employees use strong passwords and two-factor authentication
- Keep software and cybersecurity systems up to date
- Implement email cybersecurity measures, such as spam filters
3. Crime-as-a-service
One growing type of cybersecurity threat is crime-as-a-service (CaaS). CaaS describes the provision of cybercriminal tools, services, and expertise through an underground, illicit marketplace. Essentially, CaaS allows criminals to outsource the technical aspects of their operations to other cybercriminals with more expertise.
CaaS allows criminals to access a wide range of nefarious services and tools, such as:
- Malware development
- Ransomware
- Exploit kits
- Initial access brokers
- Phishing kits
- Botnet rental
- Hacking tutorials
These services are often provided via a subscription model, where cybercriminals pay on a regular basis for access to certain tools and talent.
The use of CaaS has led to an increase in cyberattacks in recent years, as it lowers the barrier to entry for would-be cybercriminals. With access to sophisticated tools and services, even those with limited technical knowledge can carry out cyberattacks, widening the suspect pool and thereby making it more difficult for law enforcement agencies to track and prosecute cybercriminals.
4. Supply chain attacks
Supply chain attacks are a relatively new cybercrime innovation, and they continue to grow in scope and frequency. Hackers infiltrate supply chain technology to access source code, build code, and other infrastructure components of benign software apps, their end goal being to use these legitimate platforms as conduits for distributing malware into supply chain systems.
Examples of high-profile supply chain attacks include:
- The Shylock banking trojan virus
- Attacks by third-party data storers
- “Drive-by” watering hole attacks
Cybersecurity experts believe that supply chain attacks are increasing due to:
- Open-source code
- Compromised pipeline tools
- Poor code uploads
Preventing future supply chain attacks may be one of the biggest challenges your team will face. With the increased reliance on open-source platforms and APIs, hackers will have no shortage of infiltration points to execute their malicious endeavors.
But all hope is not lost. There are steps you can take to protect clients against supply chain attacks, including:
- Use endpoint monitoring tools to spot and stop suspicious activity
- Stay current with all system patches and updates
- Implement integrity controls to ensure users are only running tools from trusted sources
- Require admins and other users to use two-factor authentication
In addition to the steps above, MSPs should have an effective incident response plan. As we mentioned, supply chain attacks are relatively new, so some are bound to infiltrate systems as we learn more and develop better protective techniques.
5. Cloud-based attacks
Cloud-based attacks encompass a wide range of hacker TTPs. With so many businesses using the cloud—and with cloud networks becoming more intricate—their infrastructure has become low-hanging fruit for digital threat actors.
Cybersecurity professionals focus on something known as the “Egregious Eleven.” These are the 11 most popular infiltration points for cloud-based threats. In order of severity, they are:
- Data breaches
- Misconfiguration of settings and installs
- Poor cloud security setup and planning
- Mismanagement of ID, login credentials, and account access
- Stolen or hijacked accounts
- Insider threats
- APIs and insecure software interfaces
- Weak control plane
- Applistructure and metastructure failures
- Restricted cloud usage visibility
- Abuse of cloud services
Because cloud-based applications shoulder most of the modern corporate workload, focusing on airtight cybersecurity practices is one of the best steps anyone can take to protect themselves and their partners. The following steps are good preventative measures:
- Monitoring access to sensitive resources
- Enforcing strict password requirements
- Implementing a sound data backup plan
- Leveraging data encryption
To add an extra layer of protection, MSPs can also implement routine penetration testing. Thinking like a cybercriminal and pushing your cybersecurity protocols to the breaking point is one of the best ways to strengthen your defenses. Be sure to assess and inventory potential system weaknesses after testing.
6. Data center attacks
Cybercrime data center attacks can take many forms, including:
- DDoS attacks
- Malware attacks
- Insider threats
- Phishing attacks
- Ransomware attacks
Data centers are often high-value targets for cybercriminals, as they store and process large amounts of sensitive information. Therefore, it is crucial for you to implement robust security measures such as access controls, intrusion detection and prevention systems, and regular security audits to protect against these attacks.
7. Ransomware
Malware, specifically ransomware, continues to pose a significant cybersecurity threat. This form of cyberattack has been around for decades, and hackers continue to evolve their delivery methods.
To help keep your clients educated in 2024, here is some of the ransomware data that should be on your radar:
- According to our 2024 MSP Threat Report, LockBit was by far the most prevalent ransomware in use in 2023. Their rapid growth each month is mainly due to the success of their affiliate program.
- The amount of money extorted from ransomware victims in 2023 made a significant jump from the year before—from $456.8 million paid in 2022 to over $1 billion in 2023. With those numbers, it’s in everyone’s best interest to create layers of defense and mitigation specific to ransomware.
- Global ransomware damages are predicted to exceed $265 billion by 2031.
- It’s estimated that by 2031, a ransomware attack will occur every two seconds.
- In 2023, ransomware usage went down compared to 2022; however, with attack volumes spiking in the summer months, 2023 still managed to be the third-worst year for ransomware on record.
- Cybercriminals unleashed an average of 411,000 malicious files every day in 2023, representing a 3% increase from the previous year, according to Kaspersky.
Modern endpoint detection and response (EDR) software can help prevent ransomware payloads from executing. It can also set cybersecurity parameters on endpoint web browsing to ensure clients’ employees don’t stray too far from safe browsing locations.
However, there is still the potential threat of double and triple extortion. With double extortion, malicious actors may threaten victims with having their sensitive data sold or exposed, versus simply requiring a ransom to decrypt it. With triple extortion, payment may be demanded from anyone who is affected by leaked data, not just the originally attacked company.
Additionally, having a solid and robust backup plan is one of the best ways to protect against ransomware. If your system is on the larger side, you can’t possibly prevent 100% of attacks. The key is having procedures in place to back up corrupted data from the attacks that do get through.
8. IoT device hacking
With many employees working from home and accessing sensitive company platforms and data from multiple scattered endpoints, combined with the progression of cloud technology, hackers have more infiltration opportunities than ever before. At ConnectWise, we refer to this as the “infinite edge,” the new reality that MSPs have to grapple with.
Most businesses are at risk of exposure to external device cybersecurity threats. Although experts in the industry say the number of attacks has decreased, digital threat actors continue to develop more sophisticated infiltration methods.
Cybercriminals often target the following:
- Default passwords: Many smart devices come with default login credentials that are easy to guess, such as “admin/admin” or “admin/password.” Cybercriminals can exploit these default passwords to gain access to the device and its data.
- Unsecured Wi-Fi networks: Smart devices often connect to Wi-Fi networks, which can be unsecured or use weak encryption. Cybercriminals can exploit vulnerabilities in these networks to intercept data transmitted over the internet.
Once cybercriminals have gained access to a smart device, they can carry out a range of attacks, such as:
- Stealing data
- Installing malware
- Launching DDoS attacks
- Spying on the device’s owner through its camera or microphone
Hackers are getting more creative in the emails, messages, and social media tactics they use to trick mobile users into downloading malicious software and handing over private information. Threat actors will even leverage the App Store to infect users’ mobile devices. This is bad news, as so many devices are connected to the internet.
Fortunately, there are ways to protect your devices, including:
- Having users select secure, difficult passwords
- Staying current with OS updates and system patches
- Making sure clients encrypt their data
- Having clients install antivirus or anti-malware protection
- Changing default passwords
- Keeping software updated
- Avoiding unsecured Wi-Fi networks
- Being cautious of suspicious emails or links
If you use devices on less secure, public networks, don’t do anything work-related or any tasks requiring access to sensitive data. It’s also helpful to monitor or screen employees’ app downloads. Configure parameters that prohibit certain apps from being downloaded to your devices.
9. Insider threats
Once internal system users are compromised, they can become an even greater threat to the system than external attackers. The Ponemon Institute’s 2023 report on the global state of insider threats found that the time to contain an insider incident increased to an average of 86 days.
They also found the cost of insider threat breaches to be on the rise. Businesses that experience an insider threat can expect it to cost them somewhere in the neighborhood of $16.2 million.
The bulk of those costs comes from three categories: business disruption due to diminished employee or user productivity; loss in technology value, which includes the amortized value and the licensing for software and hardware that are deployed in response to insider-related incidents; and direct and indirect labor. Those three categories alone account for 65% of insider threat costs. The remaining 35% of costs come from workflow changes, cash outlays, overhead, and subsequent revenue losses.
Much like social engineering, insider threats rely on the negligence and actions of a company’s end users.
In addition to conducting cybersecurity awareness training, you should implement tools and procedures to proactively monitor employees’ networks, such as the ConnectWise SIEM™. You should also set up parameters and tools to monitor user behavior, as well as establish strict cybersecurity protocols.
10. Drive-by compromises
In 2023, we’ve seen a major increase in drive-by compromise as a cyberthreat tactic. This is when threat actors lure victims to malicious websites through techniques such as search engine optimization (SEO) poisoning and malvertising.
This trend of exploiting public-facing applications suggests an overall shift for threat actors toward “attacks of opportunity,” meaning small and midsized businesses (SMBs) can no longer slide under the radar because they’re “too small to target.”
General best practices for MSPs in 2024
Here are a few best practices you can follow internally to minimize the chances of one of these attacks infiltrating your clients’ systems:
- Implement audits: Keep track of any system changes for clients, attacks you’ve dealt with, etc. You’ll be able to avoid any mistakes and continually improve your offerings for clients.
- Use enterprise-class software: ConnectWise can help on this front. We have a full suite of products to help you give your clients the exact service and protection they need.
- Stay proactive: Remain ahead of the curve when it comes to hacker/attack education, client system updates, and anything else that’s within your grasp. Planning ahead and being prepared are two of the most critical steps in protecting clients’ digital assets.
- Keep clients in the loop: Have open lines of communication with your clients. Even in the event of drastic errors, breaking the news right away is always the best course of action. You and your client can work together to get out in front of the issue. By not saying anything, you may turn a minor issue into a much bigger problem.
- Train your staff often: Your team should constantly be renewing their training on cybersecurity trends and news, but also on your internal company policies and procedures. This way, they’re both knowledgeable about their craft and able to follow company SOPs to provide premium customer service.
As always, Microtech is here to help with a variety of cybersecurity solutions for MSPs. Contact our cybersecurity expert today to see how we can help you protect your business and your clients.