Cato CTRL (Cyber Threats Research Lab) has released its Q2 2024 Cato CTRL SASE Threat Report. The report highlights critical findings based on the analysis of a staggering 1.38 trillion network flows from more than 2,500 of Cato's global customers, between April and June 2024.
Key Insights from the Q2 2024 Cato CTRL SASE Threat Report
The report is packed with unique insights that are based on thorough data analysis of network flows. The top three insights for enterprises are as follows.
1) IntelBroker: A Persistent Threat Actor in the Cyber Underground
During an in-depth investigation into hacking communities and the dark web, Cato CTRL identified a notorious threat actor known as IntelBroker. IntelBroker is a prominent figure and moderator within the BreachForums hacking community and has been actively involved in the sale of data and source code from major organizations. These include AMD, Apple, Facebook, KrypC, Microsoft, Space-Eyes, T-Mobile and the US Army Aviation and Missile Command.
2) 66% of Brand Spoofing Focuses on Amazon
Cybersquatting is the spoofing and exploitation of a brand's domain name to profit from its registered trademark. The report finds that Amazon was the most frequently spoofed brand, with 66% of such domains targeting the retail giant. Google followed, albeit at a distant second, with 7%.
3) Log4j Still Being Exploited
Despite being discovered in 2021, the Log4j vulnerability remains a favored tool among threat actors. From Q1 to Q2 2024, Cato CTRL recorded a 61% increase in attempted Log4j exploits in inbound traffic and a 79% rise in WANbound traffic. Similarly, the Oracle WebLogic vulnerability, first identified in 2020, saw a 114% increase in exploitation attempts within WANbound traffic over the same period.
Security Recommendations
Based on the findings of the report, Cato CTRL advises organizations to adopt the following best practices:
- Regularly monitor dark web forums and marketplaces for any mention of your company's data or credentials being sold.
- Employ tools and techniques to detect and mitigate phishing and other attacks that leverage cybersquatting.
- Establish a proactive patching schedule focused on critical vulnerabilities, particularly those actively targeted by threat actors, such as Log4j.
- Create a step-by-step plan for responding to a data breach.
- Adopt an "assume breach" mentality with methods like ZTNA, XDR, pen testing and more.
- Develop an AI governance strategy.
Read additional recommendations with more details in the report.