Mandiant 2024 Cybersecurity Report: Key Insights on Global Cyber Threats and Attacks

Mandiant, now part of Google Cloud, has released its comprehensive 2024 Cybersecurity Report, which is based on a staggering 450,000 hours of incident response work conducted throughout the year. The report reveals troubling trends in global cyber threats, focusing on China-nexus espionage, emerging attack vectors, and the continued exploitation of vulnerabilities by North Korean IT workers.

One of the most notable findings from the report is the unprecedented frequency and volume of cyber intrusions linked to China-nexus espionage groups. These groups have been deeply involved in supporting China’s intelligence-gathering operations and are expected to remain active throughout 2025. They have concentrated on zero-day vulnerabilities in enterprise products and on complex supply chain attacks. Mandiant’s CTO, Charles Carmakal, notes that these groups have maintained multi-year persistent backdoors on edge devices, indicating that attackers have long-term access to organizations, allowing them to infiltrate at will. This highlights the need for enterprises to prioritize vulnerability management and invest in stronger defensive strategies.

Another concerning trend highlighted in the report is the growing number of enterprise security incidents that originated from attacks targeting personal computers and email addresses. Many employees unknowingly expose corporate credentials when they synchronize their passwords across multiple devices, some of which are not properly secured. Additionally, the practice of disabling antivirus software to install pirated software on personal computers, particularly in lower-income countries, increases the likelihood of encountering infostealing malware. Cybercriminals are also targeting keywords like “VPN” and “SaaS solutions,” which they use to compromise enterprise networks. This underscores the importance of both securing corporate devices and educating employees about the risks associated with their personal tech usage.

The report also highlights the ongoing issue of North Korean IT workers gaining employment at organizations in the United States and Europe. These workers, who previously performed legitimate work, are now exploiting their positions for espionage. They often secure contract-based roles through staffing firms, which raises concerns about the vulnerability of global enterprises to state-sponsored cyber activity. Although these workers have been detected and removed more quickly in recent years, some are still engaging in extortion to compensate for lost wages. Mandiant warns that the threat of these actors publishing stolen data remains a concern, further complicating the issue of state-sponsored cybercrime.

In terms of statistics, the report reveals that the median dwell time for threat actors has increased to 11 days in 2024, compared to 10 days in 2023. The report also identifies the top three initial attack vectors: exploits, stolen credentials, and email phishing. Another troubling statistic is that 14% of security incidents were discovered because the threat actor themselves notified the victim of the compromise. This growing trend of cybercriminals taking credit for their attacks demonstrates the audacity of threat actors and highlights the need for organizations to remain vigilant.

Mandiant’s 2024 Cybersecurity Report serves as a crucial resource for businesses looking to improve their security posture. As the cybersecurity landscape continues to evolve, enterprises must remain proactive in defending against a wide range of threats, including espionage, phishing, and insider attacks. By strengthening their defenses and staying informed on the latest cyber threats, organizations can better protect themselves from the growing tide of global cybercrime.
