In 2024, understanding the cybercrime ecosystem has become crucial as ransomware attacks and data breaches continue to escalate. Executives must grasp the factors driving these increases and, more importantly, learn how to protect themselves from becoming victims.
Cyber threat intelligence has traditionally focused on identifying major cybercrime groups and state actors, often referred to as “Advanced Persistent Threats” (APTs). However, the majority of breaches are not perpetrated by these highly sophisticated actors. Instead, relatively low-sophistication attackers, often operating via social media or dark web forums, are responsible for most breaches. This focus on high-level threats has led to a reputation for cyber threat intelligence having “low actionability.” Concentrating solely on high-profile actors and tactics that contribute to only a fraction of attacks limits the usefulness of threat intelligence for the average company.
One significant trend driving data breaches is identity compromise through infostealer malware. Currently, over 70 million breached identities are being traded within the cybercrime ecosystem. Infostealer malware, which captures credentials, session cookies, browser history, and crypto wallet data, has transformed breached identities from a minor issue in the 2010s into a leading cause of breaches in 2024. Many organizations are still unaware of this threat and do not respond to it effectively. An employee inadvertently downloading infostealer malware is a far more common path to a breach than an APT conducting a mass cyber-attack.
The 2024 IBM X-Force report highlights that the focus has shifted from “hacking in” to “logging in.” Approximately 10% of breached identities contain credentials for corporate IT systems, exposing millions of corporate credentials to cybercriminals. A study by Flare in 2023 revealed that criminals had sold hundreds of thousands of breached identities with corporate access, including credentials for VPNs, Single Sign-On environments, CRMs, and accounting software.
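The practical defender's question behind the two paragraphs above is: given a batch of leaked credential records, which ones grant access to our corporate systems, and which of those (VPN, SSO, CRM) need a password reset first? The following is an added example, not code from the article or from any vendor named in it. It assumes records arrive in a constructed `url:username:password` line format (a shape commonly seen in credential dumps; treat it as an assumption), that `example-corp.com` is the hypothetical corporate domain, and that the passwords in the sample are placeholders, never printed or stored.

```python
from urllib.parse import urlsplit

# Constructed sample records (not real data). Each line is
# url:username:password; the third field is a placeholder, not a real secret.
SAMPLE_RECORDS = [
    "https://vpn.example-corp.com/login:jdoe@example-corp.com:PLACEHOLDER1",
    "https://sso.example-corp.com/adfs/ls:jdoe@example-corp.com:PLACEHOLDER2",
    "https://mail.personal-webmail.test/inbox:jdoe@personal-webmail.test:PLACEHOLDER3",
    "https://crm.example-corp.com/:asmith:PLACEHOLDER4",
    "https://wiki.example-corp.com/:asmith:PLACEHOLDER5",
    "malformed line without separators",
]

# Hostname fragments that, by assumption, indicate remote-access or
# identity infrastructure and therefore warrant the fastest response.
HIGH_RISK_HINTS = ("vpn", "sso", "adfs", "okta", "crm", "remote")


def parse_record(line):
    """Split one url:user:pass line; return None for lines that do not fit."""
    # Split from the right: the URL itself contains ':' so only the last two
    # separators delimit the username and the password.
    parts = line.rsplit(":", 2)
    if len(parts) != 3 or "://" not in parts[0]:
        return None
    url, user, _secret = parts  # the secret is deliberately discarded
    host = urlsplit(url).hostname or ""
    return {"host": host.lower(), "user": user, "url": url}


def is_corporate(host, corporate_domains):
    """True if host is one of the corporate domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in corporate_domains)


def triage(records, corporate_domains):
    """Keep only records for corporate hosts, highest-risk services first."""
    exposures = []
    for line in records:
        rec = parse_record(line)
        if rec is None or not is_corporate(rec["host"], corporate_domains):
            continue
        rec["high_risk"] = any(h in rec["host"] for h in HIGH_RISK_HINTS)
        exposures.append(rec)
    # Stable sort: high-risk entries first, original order otherwise, so the
    # response team resets VPN/SSO/CRM credentials before anything else.
    exposures.sort(key=lambda r: not r["high_risk"])
    return exposures


if __name__ == "__main__":
    for e in triage(SAMPLE_RECORDS, ["example-corp.com"]):
        print(e["host"], e["user"], "HIGH" if e["high_risk"] else "normal")
```

Personal-webmail credentials are dropped because they are outside the organization's remit to reset, and the secret field is never retained: the output is a reset list of hosts and usernames, which is all an incident responder needs to act on an infostealer exposure.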
Breached identities are just one threat vector that exposes companies to breaches. Traditional Cyber Threat Intelligence (CTI) providers often lack depth and actionable insights. This is where Continuous Threat Exposure Management (CTEM) becomes crucial. CTEM focuses on identifying high-risk data exposures that leave organizations vulnerable to major incidents, ransomware attacks, or data breaches, including everything from breached identities to exposed data in misconfigured S3 buckets.
Effective CTEM solutions also present the latest trends in cyberattacks and data breaches in a way that is actionable and supports strategic decision-making. By evolving from traditional cyber threat intelligence to CTEM, organizations can significantly reduce their risk of data breaches and ransomware attacks, directing their security investments toward intelligence that drives actionable outcomes.