Darktrace Logs Continued Rise in MaaS Threats, Evasion Tactics

Darktrace, a global AI-for-cybersecurity vendor, has published its 2024 Annual Threat report. Of note, instances of malware-as-a-service (MaaS) are now responsible for 57 percent of all cyber threats to organizations.

The insights were gathered by Darktrace’s threat research team using self-learning AI across its fleet of nearly 10,000 customers, spanning all major industries worldwide. The report details a shifting threat landscape that is growing increasingly complex, marked by the rising sophistication of threats.

The persistence of cybercrime-as-a-service (CaaS) models, particularly ransomware-as-a-service (RaaS) and MaaS, is rapidly increasing, with MaaS tools growing 17 percent in H2 2024.

Use of remote access trojans (RATs) also represented 46 percent of identified campaign activity, compared to 12 percent in H1. RATs allow an attacker to remotely control an infected device to conduct further malicious activity, including data exfiltration, credential theft and surveillance.

Still, phishing remained attackers’ preferred technique: over 30.4 million phishing emails were detected across Darktrace’s customer fleet (Dec. 2023 – Dec. 2024), as threat actors continued to craft more targeted, sophisticated emails to improve campaign success. Of all phishing emails logged in 2024:

  • 38 percent were spear-phishing attempts on high-value individuals. 
  • 32 percent used novel social engineering techniques, including AI-generated text with linguistic complexity such as increased text volume, punctuation and sentence length.
  • 70 percent successfully passed DMARC authentication.
  • 55 percent passed through all existing security layers. 
  • 940,000+ malicious QR codes were identified. 

Darktrace also observed increased instances of threat actors targeting third-party services such as Zoom Docs, QuickBooks, HelloSign, Adobe and SharePoint to send phishing emails. By leveraging trusted platforms and domains, malicious actors can bypass traditional security measures and increase the likelihood of their phishing attempts being successful. These efforts highlight how threat actors continually adapt and evolve to keep pace with the emergence of new technologies that represent new avenues to exploit.

“Email is at the forefront of the evolving threats we’re seeing across the threat landscape,” said Darktrace VP of threat research, Nathaniel Jones. “Ransomware-as-a-service tools, combined with the growing use of AI, are allowing even low-skilled attackers to engineer convincing, targeted email attacks at scale, and making it harder than ever for traditional security measures to keep up.” 

The most significant campaigns observed involved vulnerability exploitation in edge and perimeter network technologies, with 40 percent of identified campaign activity in the first half of the year involving internet-facing devices.

In addition, Darktrace observed threat actors increasingly using stolen credentials to log into remote network access solutions such as VPNs to gain initial access to networks. Following initial access, threat actors tend to use legitimate tools and processes that are already present on infected systems to achieve their goals while remaining undetected. 

“The combination of Cybercrime-as-a-Service, automation and AI is increasing the sophistication and diversity of attack techniques faster than ever – from AI-enhanced phishing campaigns to evolving ransomware strains,” said Nathaniel Jones, VP of Threat Research at Darktrace. “Detecting and responding to threats in progress is no longer sufficient. Organizations must prioritize cyber resilience by proactively addressing weaknesses across systems, people, and data before attackers can exploit them.”