The threat landscape for late 2024 has been marked by significant activity from both established and emerging threat actors. Notably, the Lazarus group, affiliated with North Korea, intensified its cyber campaigns, particularly targeting cryptocurrency investors. Concurrently, Russian Advanced Persistent Threat (APT) groups have demonstrated sophisticated intrusion techniques, leveraging vulnerable neighbouring networks and credential-based attacks to infiltrate target organisations. This report provides an overview of these developments, policy and regulatory updates, product launches, and strategic recommendations to bolster cybersecurity defences.
Threat Actor Activity Overview
In October 2024, the Lazarus group orchestrated a global cyber campaign aimed at cryptocurrency investors. Utilizing a zero-day vulnerability in Google Chrome, they deployed a deceptive crypto game to install spyware capable of stealing wallet credentials and cryptocurrency assets. This operation marked a significant escalation in the group’s capabilities, incorporating AI-generated content to enhance the deception and effectiveness of their attacks.
Russian APT Intrusion Techniques
Researchers from Volexity uncovered that Russian APT actors employed a combination of vulnerable networks and daisy-chained access to breach their target organisations. Initially, the attackers executed credential surfing attacks to obtain passwords. While Multi-Factor Authentication (MFA) thwarted direct access to the primary target, the attackers turned to nearby organisations that lacked MFA. By compromising devices in those organisations that had both an Ethernet connection and a Wi-Fi adapter, they bridged from the neighbour's wired network into the target organisation's network over Wi-Fi.
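The credential-based phase of the intrusion described above leaves a recognisable footprint in authentication logs: one source address failing against many distinct accounts in a short window, sometimes followed by a success against one of those accounts. The following detector is an added example written for this report; it is not Volexity's tooling or anything from the original page. The log format (timestamp, source IP, username, result) and the sample lines are constructed assumptions, and the thresholds are illustrative.

```python
"""Detect credential-spray style activity in authentication logs and flag any
success from a source that was already spraying (an MFA-less path being abused).

Added example, not from the report or from Volexity. The log line format
"<ISO timestamp> <source_ip> <username> <FAIL|SUCCESS>" is an assumption.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one source fails against six accounts, then logs in
# as one of them; a second source fails once and then succeeds normally.
SAMPLE_LOG = """\
2024-10-01T09:00:01 203.0.113.7 alice FAIL
2024-10-01T09:00:05 203.0.113.7 bob FAIL
2024-10-01T09:00:09 203.0.113.7 carol FAIL
2024-10-01T09:00:14 203.0.113.7 dave FAIL
2024-10-01T09:00:18 203.0.113.7 erin FAIL
2024-10-01T09:00:22 203.0.113.7 frank FAIL
2024-10-01T09:01:30 203.0.113.7 carol SUCCESS
2024-10-01T09:05:00 198.51.100.9 alice FAIL
2024-10-01T09:05:30 198.51.100.9 alice SUCCESS
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, ip, user, result)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result


def detect_spray(log_text, min_users=5, window=timedelta(minutes=10)):
    """Return (spray_sources, suspicious_successes).

    spray_sources: set of source IPs that failed against at least `min_users`
        distinct accounts within `window`.
    suspicious_successes: list of (user, ip) for successful logins coming from
        a source after it crossed the spray threshold. These are the events a
        responder should treat as likely account compromise, because a password
        guessed by spraying only works where MFA is absent.
    """
    events = sorted(
        (parse_line(l) for l in log_text.splitlines() if l.strip()),
        key=lambda e: e[0],
    )
    recent_fails = defaultdict(list)   # ip -> [(ts, user)] inside the window
    spray_start = {}                   # ip -> timestamp the threshold was crossed
    suspicious = []

    for ts, ip, user, result in events:
        if result == "FAIL":
            recent_fails[ip].append((ts, user))
            # Drop failures that have aged out of the sliding window.
            recent_fails[ip] = [(t, u) for t, u in recent_fails[ip] if ts - t <= window]
            distinct_users = {u for _, u in recent_fails[ip]}
            if ip not in spray_start and len(distinct_users) >= min_users:
                spray_start[ip] = ts
        elif result == "SUCCESS" and ip in spray_start:
            suspicious.append((user, ip))

    return set(spray_start), suspicious


if __name__ == "__main__":
    sources, hits = detect_spray(SAMPLE_LOG)
    print("spraying sources:", sources)
    print("successes after spray:", hits)
```

The sliding window is keyed on distinct usernames rather than raw failure count, which is what separates a spray (few guesses per account, many accounts) from an ordinary user mistyping a password several times; the second source in the sample is ignored for exactly that reason.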
Top Ransomware groups of the last three months

Most affected industries in the last three months

Most targeted countries

Policy and Regulatory Updates
Effective from 18 October 2024, the European Union has implemented stringent cybersecurity regulations targeting critical industries such as energy, health, transport, and financial services. Organisations operating within the EU or engaging in business with EU countries must review and adjust their incident reporting and response protocols to ensure compliance and enhance security postures.
US Cybersecurity Framework
The US Federal Cybersecurity Office has released a framework emphasizing zero-trust architecture to bolster protection for federal agencies. This framework advocates for strict access controls and continuous verification of user identities, aiming to reduce vulnerabilities within federal networks.
Product Launches
Google Cloud’s Security AI Workbench
Google has unveiled critical updates to its AI Security Workbench, enhancing its capabilities to address contemporary cybersecurity challenges. The platform now includes advanced compliance and governance tools for workloads hosted on Google Cloud and supports efficient response mechanisms through generative AI. Additionally, integration with Accenture provides advanced threat detection capabilities, offering organisations robust tools to counter emerging threats.
Microsoft Security Copilot Expansion
Microsoft has expanded its AI-powered Cybersecurity assistant, Security Copilot, to seamlessly integrate with the Microsoft Threat Intelligence platform. This integration leverages graph-based AI to map relationships between devices, identities, and data, enabling proactive threat intelligence and comprehensive security management for organisations.
2025: Trends and Expectations
- AI Regulation in Cybersecurity: Anticipate increased focus on AI governance and security, with regulatory bodies likely introducing frameworks to manage AI-driven cybersecurity tools and threats.
- Quantum-Resistant Cryptography: Expect advancements and trials in quantum-resistant cryptographic algorithms as organisations prepare for the advent of quantum computing and its implications for data security.
Most Exploited Vulnerabilities in the wild - January 2025
Outlined below are the key vulnerabilities reported to be actively exploited in the wild throughout November. It is crucial to apply patches promptly to mitigate risks:
- CVE-2024-12686 – Command injection vulnerability in BeyondTrust Privileged Remote Access and Remote Support, allowing remote threat actors to execute OS commands.
- CVE-2023-48365 – Qlik Sense HTTP tunnelling vulnerability allowing privilege escalation and HTTP request execution. Exploited by the Cactus ransomware group.
- CVE-2024-41713 – Mitel MiCollab vulnerability enabling remote attackers to exploit insufficient input validation to access sensitive files.
- CVE-2024-55550 – Mitel MiCollab vulnerability allowing administrative credential holders to exploit insufficient input validation to access sensitive files.
- CVE-2024-12987 – Command injection vulnerability in DrayTek Vigor2960 and Vigor300B routers due to insufficient input sanitization, potentially allowing arbitrary command execution.
Mitigation Strategies
To combat the escalating threats from groups like Lazarus, Russian APTs and ransomware groups, organisations should implement a layered defence approach:
- Multi-Factor Authentication (MFA): Enforce MFA across all access points to prevent credential-based attacks.
- Network Segmentation: Segment networking environments to isolate critical systems and reduce the attack surface.
- Proactive Dark Web Monitoring: Detect vulnerabilities and threat actor activities before they can be exploited.
- Employee Training: Conduct regular training sessions on phishing prevention and other cyber hygiene practices.
- Offline Backups: Maintain offline backups of critical data to ensure quick recovery without the need to pay ransoms.
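Network segmentation only holds if no endpoint quietly joins two segments at once. The Wi-Fi bridging described in the Russian APT section relied on exactly such dual-homed devices, so a practical control is to audit adapter inventory for hosts that have a wired and a wireless interface active simultaneously, and to rank those on an unapproved SSID highest. The script below is an added example written for this report, not a tool from the page or any vendor; the JSON inventory shape, the hostnames and the SSID list are constructed assumptions standing in for an export from an asset or EDR system.

```python
"""Audit an endpoint adapter inventory for hosts able to bridge wired and
wireless segments.

Added example, not from the report. The inventory format is an assumption:
a JSON list of hosts, each with adapters carrying name, kind, state and either
a wired 'segment' or a wireless 'ssid'.
"""
import json

# Constructed sample inventory (hostnames, segments and SSIDs are made up).
INVENTORY_JSON = json.dumps([
    {"host": "fin-laptop-01", "adapters": [
        {"name": "eth0", "kind": "wired", "state": "up", "segment": "corp-wired"},
        {"name": "wlan0", "kind": "wireless", "state": "up", "ssid": "CORP-WIFI"}]},
    {"host": "fin-laptop-02", "adapters": [
        {"name": "eth0", "kind": "wired", "state": "up", "segment": "corp-wired"},
        {"name": "wlan0", "kind": "wireless", "state": "down", "ssid": None}]},
    {"host": "eng-desktop-07", "adapters": [
        {"name": "eth0", "kind": "wired", "state": "up", "segment": "corp-wired"},
        {"name": "wlan0", "kind": "wireless", "state": "up", "ssid": "Cafe-Guest"}]},
    {"host": "kiosk-03", "adapters": [
        {"name": "wlan0", "kind": "wireless", "state": "up", "ssid": "CORP-WIFI"}]},
])

# SSIDs the organisation manages; anything else is treated as foreign.
APPROVED_SSIDS = {"CORP-WIFI"}


def audit_bridging(inventory_json, approved_ssids=APPROVED_SSIDS):
    """Return a list of findings, one per (host, active wireless adapter) pair
    where the host also has an active wired adapter.

    severity 'high'  : wireless side is on an SSID not in approved_ssids, so
                       the host joins the wired segment to a network the
                       organisation does not control.
    severity 'medium': both sides are organisation-managed, but the host still
                       defeats the separation between the two segments.
    """
    findings = []
    for host in json.loads(inventory_json):
        active = [a for a in host["adapters"] if a["state"] == "up"]
        wired = [a for a in active if a["kind"] == "wired"]
        wireless = [a for a in active if a["kind"] == "wireless"]
        if not (wired and wireless):
            continue  # single-homed or wireless disabled: no bridge possible
        for w in wireless:
            severity = "high" if w.get("ssid") not in approved_ssids else "medium"
            findings.append({
                "host": host["host"],
                "severity": severity,
                "wired_segment": wired[0]["segment"],
                "wireless_adapter": w["name"],
                "ssid": w.get("ssid"),
            })
    # Highest severity first so the list reads as a work queue.
    return sorted(findings, key=lambda f: f["severity"] != "high")


if __name__ == "__main__":
    for finding in audit_bridging(INVENTORY_JSON):
        print(finding)
```

Hosts such as fin-laptop-02 (Wi-Fi present but down) and kiosk-03 (wireless only) produce no finding, which is the point: the risk is concurrency of the two links, not the presence of a wireless adapter. Where an endpoint management platform supports it, the medium findings are the candidates for a policy that disables Wi-Fi while a wired link is up.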
Conclusion
As cyber threats continue to evolve in complexity and sophistication, organisations must remain vigilant and adaptable. The rise of AI-driven threats, quantum-resistant cryptography challenges, and persistent ransomware activities underscore the need for robust, proactive cybersecurity strategies. By staying informed, investing in layered security measures, and fostering a culture of continuous improvement, organisations can effectively safeguard their critical infrastructure and sensitive data against an ever-changing threat landscape.