Top cybersecurity trends of 2024, according to Google research

The great thing about Google is they’ve got the resources to do some very thorough research. And based on over a thousand cybersecurity investigations and several hundred red teams over the year, Kevin Madia, CEO of Mandiant at Google Cloud, shared some interesting insights at the RSA Conference. Naturally, we captured them for you below.

• 1. There are few risks or repercussions for cybercriminals
• 2. Accelerated innovation on offense
• 3. Companies are more ransomware-aware than ever
• 4. Boards are more engaged in cybersecurity in 2024 than ever
• Preparing for cybersecurity trends

Unfortunately, the saying “crime doesn’t pay” isn’t holding up in 2024, according to Google. With criminal actors reaping billions of dollars in payments and slamming private companies, Kevin says there are very few downsides.

“The truth is, cyber intrusions are paying off . . . the question is, what do we do about it?”

The most obvious way to combat security threats—improving defense—is an obvious move, according to Kevin, but there needs to be two additional steps.

“We need to look at ways and means to track crypto," he said. "It’s not a great idea to have an anonymous currency [where you pay one place and it appears in another].

“The third thing is looking at the treaties we have and modernizing them. We need to ask law enforcement [and the authorities] . . . and revisit how we do attribution. We need to identify the safe harbors used by threat actors . . . and modernize treaties with them [to remove those safe havens].”

“In previous years, we used to have 33 zero-day attacks a year. This year, we found 97 in the wild,” Kevin said.

“Why are there so many? Maybe we got better at defense, so criminals have to use zero-days. Maybe they’re so well funded they can do that. Maybe we’re shipping bad software and not doing enough to patch it.”

According to Kevin, the signs pointed to the other side—the threat actors —becoming more advanced. He cited new techniques used by Chinese nexus Cyber Espionage and the sophistication of attacks being used.

He said the number one way people were breaking in was using an exploit (38%), followed by phishing (17%), prior compromise (15%), and stolen credentials (10%).

If you’re relying on multi-factor authentication (MFA) as a cure-all for your security woes, Kevin says it’s becoming less of a barrier for criminals to overcome.

“People now have push notification fatigue. They get so many messages, they approve by default.”

Threat actors also circumvented one-time passwords (OTPs) and time-based one-time passwords (TOTPs) by help teams being, well, too helpful.

“We can’t fix people swapping sims or your help desk trying to help people. Because what happens is bold people contact help teams to get [access to these accounts] . . . and help teams are helping them by giving them a OTP.”

“You need to do MFA that prevents help desks [from] giving away these OTPs.”

According to Kevin, the five most-seen MITRE ATT&CK sub-techniques that help with detection are anomalous use of PowerShell, web protocol and remote desktop protocol issues, and unusual behavior around service execution and file deletion.

“Not many companies have a dry run if ransomware happens," says Kevin. "‘How long before we’re up?’ is a hard question to answer, but almost every company has got to the stage where they’re aware of what to do when there’s a ransomware attack.”

Companies have run simulations on worst-case ransomware scenarios, gone through and shrunk their identity footprint, and segmented their networks.

“The biggest reason you’ll see boards more interested in cybersecurity is simple: They read the headlines,” Kevin said. 

“Secondly, boards go where there’s regulation. When the US government’s saying . . . you have to have the following reporting requirements annually for cyber, you get the board’s attention. They’re very engaged.”

Facing cyberseucirty trends starts with building security skills. Get started.

Learn more about what went down on the first day of RSA Conference 2024.