Top 3 Threat Report Insights for Q2 2024

Sep 12, 2024The Hacker NewsThreat Intelligence / Cybercrime

Cato CTRL (Cyber Threats Research Lab) has released its Q2 2024 Cato CTRL SASE Threat Report. The report presents significant findings from the analysis of 1.38 trillion network flows from over 2,500 of Cato’s global clients between April and June 2024.

Primary Takeaways from the Q2 2024 Cato CTRL SASE Threat Report

The report contains distinctive observations based on comprehensive analysis of network flow data. The top three observations for businesses are outlined below.

1) IntelBroker: A Persistent Threat Actor in the Cyber Underground

After an extensive investigation of hacking communities and the dark web, Cato CTRL identified a notorious threat actor known as IntelBroker. IntelBroker is a notable personality and facilitator within the BreachForums hacking community and has been actively engaged in the trade of data and source code from major organizations. These include AMD, Apple, Facebook, KrypC, Microsoft, Space-Eyes, T-Mobile, and the US Army Aviation and Missile Command.

2) 66% of Brand Spoofing Focuses on Amazon

Cybersquatting refers to the imitation and exploitation of a brand’s domain name to capitalize on its registered trademark. The report reveals that Amazon was the most frequently imitated brand, with 66% of such domains targeting the e-commerce behemoth. Google trailed behind, albeit at a considerable distance, with 7%.

3) Log4j Still Being Exploited

Despite its discovery in 2021, the Log4j vulnerability remains a favored instrument among threat actors. From Q1 to Q2 2024, Cato CTRL registered a 61% surge in attempted Log4j exploits in inbound traffic and a 79% hike in WANbound traffic. Likewise, the Oracle WebLogic vulnerability, initially identified in 2020, witnessed a 114% upturn in exploitation attempts within WANbound traffic over the same period.

Security Guidelines

Based on the report’s findings, Cato CTRL recommends that organizations adopt the following best practices:

  1. Regularly monitor dark web forums and marketplaces for any indication that your company’s data or identities are being traded.
  2. Use tools and techniques to detect and mitigate phishing and other attacks that exploit cybersquatting.
  3. Establish a proactive patching schedule focused on critical vulnerabilities, especially those actively targeted by threat actors, such as Log4j.
  4. Create a step-by-step plan for responding to a data breach.
  5. Adopt an “assume breach” mindset with approaches such as ZTNA, XDR, pen testing, and more.
  6. Develop an artificial intelligence governance strategy.

Find further recommendations with additional details in the report.

This article is a contributed piece from one of our esteemed partners.