Phishing Remains Top Cyber Threat Despite Drop in Incidents

Phishing remains the most common cyber threat, representing 37% of incidents in Q3 2024. However, incidents of credential exposure have increased to almost 89%, raising concerns about data security risks across industries, according to the latest report by ReliaQuest on quarterly attacker trends analysis.

Between May 1 and July 31, 2024, ReliaQuest analyzed customer incident data and cybercriminal forums to identify common cyber threats. While phishing still leads the list of threats, its impact has slightly diminished from previous years. On the other hand, exposed credentials are skyrocketing, now making up a substantial portion of security alerts—a jump of 29% from 2023.

Key Findings

Key findings of the attacker trend analysis are:

• Phishing incidents Still responsible for 37% of all incidents, phishing remains the most common method of attack.
• Exposed credentials: Alarmingly, 88.75% of the alerts tracked in the report pertain to exposed credentials. This represents a substantial increase from 2023’s 60%, underscoring the vulnerability that comes with poor credential management.
• Malware and RATs: In the malware space, “SocGholish” was identified as one of the most common Remote Access Trojans (RATs), affecting 23.4% of customers. SocGholish is often associated with phishing campaigns, further linking malware and credential exposure.
• MITRE ATT&CK insights: Techniques such as T1078 (Valid Accounts) and T1204 (User Execution) were frequently observed.

Trending IOCs

ReliaQuest’s report highlights trending IOCs, which are indicators of emerging threats consistently detected across customer environments.

1. Malicious IP addresses used to deliver phishing payloads, many of which are tied to credential-stealing operations.
2. Domains associated with SocGholish and other malware, often used as part of phishing lures or drive-by-download attacks.
3. File hashes of recently identified malware variants, particularly those designed to steal credentials or establish persistence on victim networks.

Recommendations

The following strategic recommendations can be taken to mitigate these rising threats:

1. Strengthen credential management: Implement multi-factor authentication (MFA), regularly audit user credentials, and enforce strict password policies to minimize the risk of exposed credentials.
2. Enhance phishing defenses: While phishing is declining slightly, it remains a significant threat. Organizations should continue investing in security awareness training and deploy advanced phishing detection tools.
3. Address malware proactively: Given the connection between phishing and malware, particularly SocGholish, companies should deploy endpoint protection solutions and regularly monitor systems for malware infections.
4. Map defenses to MITRE ATT&CK techniques: Organizations can enhance their detection and response capabilities by aligning their security tools with MITRE ATT&CK techniques.
5. Monitor and block IOCs: By proactively tracking and blocking malicious IP addresses, domains, and file hashes, organizations can prevent malicious activity tied to phishing and credential theft.

Long-Term Implications

The rise in credential exposure incidents has major implications for data privacy and security, especially in sectors handling sensitive information. Healthcare, finance, and government organizations are at risk, as one exposed credential can give attackers access to critical systems. Phishing campaigns’ evolving techniques call for a more proactive cyber defense approach, as relying on reactive measures may no longer be enough in an environment where attackers continuously innovate.