Each quarter, the Cradlepoint Threat Research and Analysis (TR&A) Team publishes a threat intelligence report to inform customers about relevant changes in the threat landscape. This report covers events from April through June 2024.
Our Views on Recent Attacks
In the past quarter, warnings and reports of attacks on critical infrastructure published by government organizations such as the Cybersecurity and Infrastructure Security Agency (CISA) topped cybersecurity headlines, followed closely by company data breach reports. CISA issued #StopRansomware reports for Black Basta and Akira ransomware, stating that affiliates gained initial access by exploiting application vulnerabilities. Application vulnerabilities were the most exploited category at 39% per the CISA Known Exploited Vulnerabilities (KEV) list, likely indicating an increased threat to unpatched, internet-facing applications. Info-stealer and loader malware were leading initial access techniques in data breach and ransomware attacks, with SocGholish and Atomic Stealer reported as the most active. CISA also published warnings of increased activity from APT40 using living-off-the-land techniques, and warned that pro-Russian hacktivists are likely to increase the impact of their attacks by using more sophisticated tooling.
Over 55 million people were impacted by non-Snowflake-related data breaches, losing sensitive information such as medical records, payment details, and passwords. Reports of data loss from attacks on customers using the Snowflake data cloud continued as organizations that failed to implement MFA on their accounts gradually disclosed the sensitive data they lost. However, only 11 of the estimated 165 impacted companies have confirmed a data breach as of June 2024. Additional reporting is expected as companies reach the regulatory deadlines for reporting a data breach.