Cyber Threats of 2024: Breaking down the 2024 Cyber Threat Report


Jamie Levy, Director of Adversary Tactics at Huntress, joined "The Stack" with host Dan Tomaszewski to break down our 2024 Cyber Threat Report. She and Dan get real about the latest hacker tactics targeting small businesses. They also explore how remote access tools used by MSPs are being weaponized, leading to an eye-opening statistic: 36% of these tools have been compromised by attackers.

We’ve made it easier for you to catch every detail. Here, you can jump straight into the conversation with our quick-read/watch chapters.


The Shift in Hacker Focus (3:08)

Dan opens the episode by discussing the shift in hacker focus from large enterprises to smaller businesses. These smaller entities serve as testing grounds for new tactics and techniques. Understanding this threat landscape is crucial for MSPs tasked with protecting small to medium-sized businesses (SMBs).

Jamie Levy elaborates on this, emphasizing that attackers are continually looking for opportunities and never take time off. They run their criminal enterprises like businesses, constantly seeking vulnerabilities to exploit.



The Weaponization of Remote Access Tools (4:20)

One of the most alarming findings in the Huntress 2024 Cyber Threat Report is the weaponization of remote access tools (RATs). Dan highlights that 36% of tools used for remote access by MSPs are compromised. Jamie explains that attackers take advantage of the ease of downloading and using these tools, often without any scrutiny or need for a credit card.

Attackers blend in by using legitimate tools, making it difficult to detect malicious activity. Jamie shares that sometimes there are multiple remote access tools within a single customer's infrastructure, further complicating detection.



Securing the Cloud (7:50)

The conversation shifts to the growing trend of businesses moving to the cloud and the associated security challenges. Jamie stresses the importance of locking down cloud instances, enabling MFA (Multi-Factor Authentication), and ensuring robust logging practices.

Attackers exploit freely available cloud services like Google Drive and Dropbox to stage files, making vigilance and employee awareness critical. Jamie advises verifying the legitimacy of unexpected file shares, even from known contacts.



Credential Dumping and Defensive Measures (13:44)

Credential dumping is another tactic used by attackers to gain access to systems. Jamie explains how attackers dump passwords from systems to spread laterally across networks. Defensive measures include disabling certain features in Windows, enabling Windows Defender Credential Guard, and reducing administrative roles on RDP (Remote Desktop Protocol).

Implementing MFA is a crucial step in mitigating the risk of credential dumping, as it adds an additional layer of security even if passwords are compromised.



The Ripple Effects of the Qakbot Takedown

Dan and Jamie conclude the episode by discussing the ripple effects of the Qakbot takedown in August of the previous year. Qakbot, an initial access malware used by threat actors to deploy ransomware, saw a significant impact after its infrastructure was dismantled by the government.

Jamie shares insights into how the takedown affected other initial access malware and ransomware families, noting observable changes in the threat landscape.



Staying Ahead in Cybersecurity

As the threat landscape continues to evolve, staying informed and proactive is essential. MSPs must educate their clients about the importance of security measures like MFA and remain vigilant against increasingly sophisticated attacks. The insights from the Huntress 2024 Threat Report provide valuable guidance for navigating these challenges.

Download the 2024 Cyber Threat Report to strengthen your security posture with the knowledge needed to protect your business and take on any of today’s top threats.
