CRD #5
On targeted industries, email security, 3rd party risk, DDoS & APIs.
Research highlights for security leaders from validated sources released between 5 and 25 August 2024, followed by a hyperlinked list of all reports monitored during the period.
We cut through the bias and marketing fluff to bring you relevant and objective insights backed by data and based on proper research.
Email security: be aware of file-sharing phishing attacks
Research from two companies monitoring email threats highlights a sharp rise in file-sharing phishing attacks, with Abnormal Security reporting a 350% year-over-year increase. HR, finance departments, and management are most frequently targeted, as attackers often exploit legitimate domains of familiar file-hosting or e-signature providers to deliver malicious content. These vendors also note that business email compromise (BEC) remains a growing concern, showing a 50% year-over-year increase.
Insurers report rapidly growing third party risk
Several cyber insurance providers report that vendor-driven incidents—cases resulting from third-party risks involving partners or suppliers—are the fastest-growing area of claims. For instance, analysis of Resilience's portfolio shows that these incidents accounted for over half of all losses during the first half of 2024. The trend is linked to "big game hunting" tactics employed by criminals and the impact of recent incidents with widespread effects, such as the exploited CVEs in popular firewall providers and attacks targeting Change Healthcare and car dealership software provider CDK Global.
DDoS trends: short & powerful attacks targeting gaming
Gcore's research, which analyzes DDoS attack trends based on internal cloud service data, reveals that gaming remains the most targeted industry, accounting for nearly half (49%) of all observed attacks in Q1 and Q2 of 2024. In online gaming, DDoS attacks are primarily used by malicious competitors seeking an edge in tournaments or matches. The analysis also notes that around two-thirds of the attacks targeted the network layer, with the remainder targeting the application layer. Notably, most of these attacks were “short and powerful,” typically lasting less than 10 minutes, making them difficult to defend against.
Healthcare and consulting increasingly targeted by “interactive intrusions”
CrowdStrike’s data reveals a 55% year-over-year increase in “interactive intrusions”, that is, non-automated attacks involving hands-on-keyboard activities by threat actors. The report identified 86% of these attacks as financially motivated and thus associated with criminal activity. Supported by statistics on initial access broker ads, attacks on the healthcare and consulting sectors—likely seen as high-value targets with a strong incentive to pay ransom—have surged the most, with both experiencing approximately 150% year-over-year increases.
Attacks against web apps and APIs surge
According to Akamai's telemetry, attacks on web applications and APIs surged by 49% from Q1 2023 to Q1 2024. The commerce sector remains the most targeted by a wide margin, followed by high-tech and financial services. This sharp increase, along with the sector-specific trends, correlates with the expanding attack surface: the use of web apps and APIs has grown exponentially, particularly in the commerce industry.
Reports monitored: 5-25 August
To take a deeper dive into the topics most relevant to you, we've listed all the research reports that were published during the observed period.
About
evisec's Cybersecurity Research Digest provides security leaders verified strategic insights via a carefully curated weekly summary of evidence-led, unbiased and objective cybersecurity research publications. Read more about our service here.