2024 State of the Threat: A Year in Review
Fortify your defenses by understanding the latest intelligence and top threats facing organizations this year.
Global Threat Intelligence Summit 2024
Learn directly from Secureworks threat experts through on-demand recordings and conversations from the 2024 Global Threat Intelligence Summit, where you can gain even greater insight into today’s most critical threats.
Key Findings: State of the Threat
- This 70+ page report comprehensively examines cybersecurity events from July 2023 to the end of June 2024. These events reflect the continued evolution of ransomware and other threat tactics, including significant takedowns of core ransomware groups and the subsequent fragmentation and creation of new groups; AiTM and AI as growing threats; and the continued influence of state-sponsored threat groups and hacktivist activity.
- Based on insights from customer telemetry, incident response, underground monitoring, proactive threat research, and intelligence relationships, CTU™ research observed the following trends in the threat landscape:
  - March 2024 saw the highest number of ransomware schemes listing victims. Dwell times remain low, with the shortest observed at just under 7 hours.
  - Scan-and-exploit and stolen credentials remain the top initial access vectors (IAVs) in ransomware attacks, accounting for nearly 72% of known IAVs.
  - Adversary-in-the-middle (AiTM) phishing kits are increasingly used to bypass MFA. Using phishing-proof MFA is now vital.
  - Law enforcement targeting of ransomware groups caused disruption and fragmentation, prompting new threat actor behaviors.
  - Hacktivists continue to conduct denial-of-service or website defacement campaigns against organizations linked to conflict zones.
  - State-sponsored threat groups use obfuscation networks, living-off-the-land (LOTL) techniques, and commodity tools to frustrate detection and attribution.
  - Defense basics (MFA, patching, XDR) remain key. One or more were absent in >50% of Secureworks incident response engagements.
  - AI lends efficiency more than complexity for cybercriminals, boosting the volume and impact of cyberattacks.
What Informs Secureworks State of the Threat
The Secureworks view of the threat landscape comes from a combination of telemetry from the Taegis platform; incident response and Secureworks Adversary Group customer engagements; privileged source intelligence and industry relationships; dark web surveillance; and technical and tactical research conducted by the CTU, including extensive use of botnet emulations.
Download the report now for a detailed visualization of the threat landscape and actionable, pragmatic advice on how to secure your most valuable business assets.
- 5 Trillion+ event logs processed by Taegis every week of the year
- 50K investigations a year via Incident Response and the Taegis platform
- Unique botnet emulation capabilities, giving us a threat actor’s eye view of the threat landscape