
The economic impact of cybercrime continues to increase, and as we enter 2025 we thought it well worth reviewing the key cybersecurity observations and lessons from 2024. This series of articles will wrap up with an opinion about what we believe is the trend leading us into 2025.
Be more Proactive with Cyber Security
Observation 1: Surging Zero-Day Exploits
2024 has been a landmark year for cybersecurity, with a significant increase in the discovery and exploitation of zero-day vulnerabilities. These unpatched security flaws have become a primary tool for cybercriminals, posing serious challenges for cybersecurity teams. The volume of reported CVEs in 2024 should act as a reminder that no system is ever totally secure, and with some of the most impactful affecting FortiManager, Google Chrome and Windows, a large percentage of businesses globally were in the direct firing line. The evolving tactics and strategies of attackers suggest this line of attack is not going away.
Observation 2: Nation-State and Cybercrime Collaboration
Observation of several high-profile attacks has suggested a level of collaboration between nation-state actors and cybercriminals that is increasingly blurring the line between these actors. Nation-state sponsored attackers initially used zero-days in targeted attacks, which were then escalated to widespread exploitation to cover their tracks.
Lesson 1: You must have a proactive defence strategy
The best defence against cyber threats is awareness and preparation. Organisations must stay informed of emerging threats, maintain staff awareness training and prioritise the patching of weaponised CVEs. These actions, however, won't help much if the adversary is using valid stolen or created credentials. Therefore, the foundation of a proactive defence strategy must be to deploy the latest and strongest identity management system as your first priority.
Why is identity important?
Implementing strong identity verification can prevent unauthorised access even if a zero-day exploit is used. Implementing a phish-resistant MFA solution can significantly enhance security by ensuring that even if credentials are compromised, unauthorised access is prevented.
Resilience in the face of Ransomware
Observation 3: Ransomware attacks surge
A significant increase in ransomware attacks affecting various sectors, including healthcare, finance and critical infrastructure, occurred in 2024. The top 5 confirmed attacks include Change Healthcare (US), LoanDepot (US), MediSecure (Aus), Izumi Co (Japan) and Evolve Bank & Trust (US), in which an estimated 140 million records were stolen. Aside from data theft, these attacks led to substantial service disruptions and financial losses.
Observation 4: Ransomware targeting service providers and supply chain networks
Ransomware attacks in 2024 highlighted the fragility of supply chains and business continuity. A cyberattack on the parent company of major US supermarket chains disrupted services across its entire network impacting more than 2,000 stores for several days.
Observation 5: Cybercriminal “Whack-a-Mole”
While law enforcement efforts to combat ransomware gangs were able to disrupt the LockBit gang, with 34 servers seized, cryptocurrency accounts frozen, 1,000 decryption keys obtained and two individuals arrested, the gang was reportedly ‘back on line’ within 2 weeks. Furthermore, new ransomware groups like RansomHub have become prominent.
Lesson 2: Resilience in the Face of Ransomware
Limiting the spread is a critical factor in network resilience when faced with a ransomware attack. Backups, patching, antivirus/antimalware and EDR tools are all important, but as ransomware gangs target business disruption through attacking supply chains and service providers, network resilience is key. Implementing network segmentation can help limit the spread of ransomware by blocking common pathways and protecting the most valuable assets, which can significantly reduce the impact of a ransomware attack. More importantly, identity-based segmentation can help isolate compromised accounts and prevent lateral movement within the network.
Why is identity important?
Implementing strong identity verification can help ensure that only authorised personnel can access critical systems, reducing the risk of ransomware attacks.
A phish-resistant MFA solution can help protect against ransomware by ensuring that only authorised personnel can access critical systems, reducing the risk of attacks spreading and building resiliency.
Critical Infrastructure needs an IT security focus
Observation 6: Attacks on Critical Infrastructure (CI) rise as IT system defences become stronger.
Attacks on critical infrastructure reached new levels in 2024, so much so that the US Cybersecurity and Infrastructure Security Agency (CISA) issued a notice warning that US government-run water systems were at risk. Attackers shifted their focus to the more vulnerable systems like water processing plants and power grids, as they represent a much easier target. This is because there is often a lack of visibility into connected Operational Technology (OT) devices, making threat detection extremely difficult.
Observation 7: OT teams need to take more precautions when connecting devices online
One of the key issues is that many CI operators continue to connect industrial tools to the internet to manage them remotely. Unlike IT (which has a relatively shorter life cycle), many industrial systems operate using legacy equipment that was never designed with cybersecurity in mind, leaving devices exposed to relatively unsophisticated methods such as the use of default passwords or brute force attacks.
Lesson 3: Critical Infrastructure needs an IT security focus
The time to invest in an “IT style” cybersecurity strategy for operational technology (OT) systems is now. This strategy needs to cover the systems in use and how they can be managed in a critical operations environment, as well as upskilling OT personnel, who are generally not IT professionals and are therefore less familiar with cyberattacks and the required defences than IT staff. Collaboration between IT and OT teams will be crucial for securing these systems, using the lessons learned in traditional cybersecurity practice, especially around strong identity and access controls.
Why is identity important?
Implementing strong identity verification can help ensure that only authorised personnel can access critical systems. A phish-resistant MFA solution can help protect against unauthorised access, and strong, managed, hardware-based VPN connectivity can be used to avoid exposing the devices themselves to the internet.
Phish-resistant MFA should be employed on every system and device.
Observation 8: Phishing techniques will continue to grow in sophistication
Phishing was the leading attack vector in 2024, reportedly up 58% on 2023. Cybercriminals are employing increasingly sophisticated methods to deceive individuals, with AI now able to create more convincing messages tailored to individual targets, increasing the likelihood of success. Expecting humans to effectively tell a genuine message from an advanced AI-crafted email, online chat, phone call or deepfake video call will soon become an inappropriate defensive tactic.
Observation 9: Proliferation of online tools
The number of phishing kits available on the dark web has apparently increased by 50% in 2024. These tools are now so advanced that even novice cybercriminals can effortlessly launch sophisticated campaigns and impersonate brands, governments, banks and service organisations. With success rates rising from 14% to 18%, attackers are clearly becoming adept at manipulating victims to bypass poor security.
Lesson 4: Phish-resistant MFA should be employed on every system and device.
It will always be possible to manipulate humans, and therefore identity and authentication mechanisms must be phish-resistant. Second factor authentication systems should now be considered as providing no added security, and only phish-resistant MFA should be utilised (wherever possible using a separate purpose-built hardware authenticator).
Why is identity important?
Phishing has a single goal in mind – credential theft. Implementing a phish-resistant MFA solution will prevent your organisation from becoming another statistic and will significantly enhance your security posture by ensuring that even if credentials are compromised, unauthorised access is prevented.
Trends to expect in 2025
In this part of the article, we look ahead to the cybersecurity trends and challenges expected in 2025.
Continued Rise of Zero-Days: We predict an ongoing increase in zero-day vulnerabilities and exploits. Why? Simply put, software is more complex than ever, and adversaries are now very focused on finding and exploiting software flaws.
Phish-resistant MFA will become the minimum standard: More organisations will deploy phish-resistant MFA; phone-based authentication apps will be widely breached.
Passkeys will be more widely adopted: However, enterprise and government will be slower to adopt them due to legacy equipment and systems which are not passkey-ready.
Account recovery processes will be targeted: Especially for passkey-protected accounts, attackers are now more likely to focus on finding weaknesses in account recovery and reset requests and pivot to phishing for recovery keys.
AI will be widely adopted by adversaries to be more targeted and efficient with their attacks: Emails, SMS, chats, phone calls and deepfake videos will be almost impossible for humans to discern as fakes.
Evolving Ransomware Tactics: Ransomware operators will target new sectors, such as service and supply chain organisations, seeking to disrupt operations as much as steal personal data.
Focus on Critical Infrastructure: Attackers see CI as a strategic and much softer target and will seek out any unprotected operational and edge devices.
More executive prosecution for cyber incidents: Litigation for cyber incidents will increase as tightened laws around liability of senior management take hold.
The Rise of Identity-Based Security: Traditional security measures like firewalls and VPNs are no longer sufficient. The focus of security for organisations will change to be on verifying and securing the identities of users and devices accessing systems.
Who is VeroGuard Systems?
VeroGuard is a leading digital identity technology company that understands the importance of a secure, verified and reusable identity in today’s hybrid IT environments. The VeroGuard Platform provides our customers with a bank-to-bank level identity verification system and when combined with our VeroCard offers Next Generation Authentication solutions, where authentication is linked to identity verification with every authentication request. VeroGuard NFA can secure legacy authentication protocols and support the latest Cloud systems with passkeys - all with a phish-resistant and identity aware overlay.
One more Trend for 2025
1. Next Generation Authentication will be the security foundation for all digital transformation.