Cybersecurity firm Cato Networks has published its latest findings in the Q2 2024 Cato CTRL SASE Threat Report, an in-depth analysis based on an extensive dataset of network flows—over 1.38 trillion—from more than 2,500 customers globally. This high volume of data, gathered between April and June 2024, reveals alarming trends in the cyber threat landscape.
One of the standout revelations from the report is the identification of a prominent threat actor known as IntelBroker, who operates within the dark web. IntelBroker has gained notoriety as a moderator on BreachForums, where he has been actively involved in the sale of sensitive data and source code from several high-profile organizations, including AMD, Apple, Facebook, Microsoft, and the US Army Aviation and Missile Command. This highlights a concerning trend of persistent, organized cybercriminal activity posing significant risks to enterprises.
Additionally, the report indicates that a staggering 66% of brand spoofing incidents are directed at Amazon, making it the primary target for cybersquatting activities, with Google trailing significantly at 7%. Cybersquatting involves exploiting a brand’s domain name for financial gain. These statistics underscore the need for businesses to remain vigilant against impersonation schemes that leverage their brand equity for malicious ends.
Further adding to the alarming developments is the continued exploitation of the Log4j vulnerability, which was first discovered in 2021. Cato CTRL observed a troubling 61% increase in attempted exploits aimed at this vulnerability in inbound traffic from Q1 to Q2 2024, coupled with a 79% rise in attempts targeting WANbound traffic. Likewise, the Oracle WebLogic vulnerability has seen a dramatic 114% increase in exploitation attempts during the same timeframe, underscoring that older vulnerabilities can still pose significant risks if not adequately addressed.
In light of these findings, Cato CTRL outlines several security measures businesses should implement to mitigate these growing threats. Regular monitoring of dark web forums for compromised data, employing proactive phishing detection strategies, and initiating a rigorous patch management process for vulnerabilities like Log4j are critical steps in enhancing an organization’s cybersecurity posture. Businesses are advised to take a proactive stance towards incident response planning, implementing an “assume breach” strategy with advanced security frameworks such as Zero Trust Network Access (ZTNA) and Extended Detection and Response (XDR).
Security professionals must understand the possible tactics and techniques employed during these cyber incidents, many of which align with the MITRE ATT&CK framework. Identifying these tactics can provide essential insights into attackers’ methodologies, enabling organizations to enhance their defenses effectively. Techniques may include initial access via exploitation of public-facing applications, persistence through compromised user credentials, and privilege escalation to gain elevated access within network environments.
In conclusion, the findings from the Q2 2024 Cato CTRL SASE Threat Report serve as a stark reminder of the evolving threats posed by cybercriminals and the importance of robust cybersecurity measures. Business owners must stay informed and engaged in ongoing security initiatives to safeguard their organizations against potential breaches.
For further details on security recommendations, stakeholders can reference the full report available on the Cato Networks website.
Source link: https://thehackernews.com/2024/09/top-3-threat-report-insights-for-q2-2024.html