Bridewell, a leading cyber security firm, has released its 2024 CyberScape Briefing, which reveals the most pressing threats set to affect critical national infrastructure (CNI) over the coming year.
The briefing, containing insights gathered by Bridewell's Security Operations Centre (SOC), highlights significant trends such as the expansion of Cobalt Strike usage, the rise of stealthy infostealers and the proliferation of deceptive fake updates.
Cobalt Strike, originally created as a commercial penetration testing tool, made up 22% of the worldwide cyber threat infrastructure tracked by Bridewell specialists in 2023. Over the same period, Cobalt Strike usage surged by 27%. China accounted for a notable 37% of total deployments, raising alert levels among cyber professionals worldwide, who expect the trend to persist into 2024.
According to the briefing, 2023 also saw a shift among infostealers, the digital pickpockets of the cyber realm. The prevalent Raccoon Stealer variants dropped in popularity by 42%, while newer stealers such as Ficker Stealer and WhiteSnake Stealer gained momentum in the last quarter. Russia emerged as the primary source of infostealer infrastructure deployments, accounting for 31% of them. It's estimated that over 38% of Bridewell's clients encountered attempts from infostealers in 2023, a trend predicted to carry on in 2024.
Another significant trend identified was the rise of malicious code disguised as legitimate updates, or 'fake updates'. This tactic, in which cyber criminals dupe Internet users into downloading infected updates, accounted for 33% of the cyber threats faced by Bridewell's clients. SocGholish was recognised as the most common type of malware introduced through such infections.
The Director of Managed Security Services at Bridewell, Martin Riley, underscored the importance of vigilance and robust cyber security measures in the face of these evolving threats. Riley stated, "Our 2024 CyberScape Briefing reveals a world where the lines between legitimate tools and malicious intent are increasingly blurred. Where threats like C2 frameworks, infostealers and fake updates are evolving in sophistication and impact, it’s necessary for organisations to stay ahead of the curve."
Riley added, "Our intelligence experts have meticulously analysed the trends and patterns, providing invaluable insights that empower CNI organisations to fortify their defences against these insidious threats. Vigilance and comprehensive cyber security strategies will prove key to navigating this landscape in 2024."