Early indications suggest phishing attacks are on the decline in 2024, with the mass exploitation of vulnerable edge services potentially set to become the new favorite attack vector for cyber criminals.
Speaking to ITPro, Tim West, director of threat intelligence at WithSecure, said that a general uplift in cyber hygiene, better awareness of phishing techniques, and the sophistication of endpoint protections have all contributed to a dip in phishing attacks in 2024.
“Phishing attachments have seemed to have declined and I think the reason behind that is because we’re getting better at spotting malicious attachments in emails. The training’s pretty good now and normal across a lot of industries, trust in email attachments from unsolicited people is quite low, and endpoint products are pretty good at scanning for suspicious artifacts in documents.”
He cautioned that phishing will remain a popular attack vector 2024 as hackers continue to adapt their techniques to modern defenses, but that targeting vulnerable edge services could become the most common vector.
“That’s not to say that [phishing] is not still pretty successful, it’s just maybe not quite as successful as it’s been historically over the last couple of years. Threat actors are finding their way around that with other techniques around email-borne phishing. But broadly we’ve seen a rise in the opposite direction of edge service exploitation.”
Speaking at the Finnish security firm’s SPHERE24 conference, Stephen Robinson, senior threat intelligence analyst at WithSecure, said 50% of the company's incident response engagements begin with the exploitation of public facing services.
He noted the volume and severity of these attacks has “exploded” over the past year.
No place to hide in the IPv4 internet space
Threat intelligence gathered by other stakeholders in the enterprise security sector corroborates West and Robinson’s analysis, also identifying a relative trend towards exploitation over other attack vectors in 2024.
Symantec reported the exploitation of vulnerable edge services had surpassed botnets as the primary attack vector for ransomware campaigns in their 2024 report.
Verizon’s 2024 Data Breach Investigations Report (DBIR) found there was a 180% increase in the exploitation of vulnerabilities over the last year, with a 68% spike in breaches involving a third party that included partner infrastructure affected, directly or indirectly, by software supply chain issues.
When asked what he thought was behind this trend, West explained vulnerabilities in edge services provide cyber criminals with an opportunity to exploit a flaw en masse without having to develop bespoke tactics to target organizations specifically.
“There’s a whole ecosystem set up around [mass exploitation] now,” said West. “So if you can develop the capability to exploit the vulnerability in a service that’s exposed to the internet – as many threat actors do – and you can exploit that en masse, then you’re going to get big companies, small companies, medium-sized companies.”
He added that this approach is incredibly time-efficient, and allows threat actors to instantly identify thousands of potential targets using rudimentary internet scanning services.
“There’s no real place to hide in the IPv4 internet space anymore, there’s no obscurity… if you’ve got an IP address that’s routable via the internet and a vulnerable service on it, that is being kind of actively scanned for, it will get detected. Attackers have the capability to scan the entire internet for certain things in minutes nowadays.”
