    Threat Intelligence: Tracking Top Threats from Cybercriminals in 2024 

    Understanding these sophisticated methods is your first step toward enhanced security in an increasingly dangerous cyber landscape

    by Andrew Williams

    Key Points

    • Mimecast monitors 90 billion interactions across email and collaboration systems, finding trends in attack sophistication. For example, during July-December 2024, attackers used compromised consumer routers as proxies to send phishing campaigns disguised as legitimate emails, bypassing authentication systems. 
    • Other top threats from the Global Threat Intelligence Report: attackers impersonate law firms in malicious email campaigns and use info-stealers to extract credentials and financial details, while other cybercriminals impersonate financial institutions and C-suite executives using audio deepfakes and services like DocuSign to execute scams.
    • The Global Threat Intelligence Report: July-December 2024 outlines the top threats during the period and provides specific recommendations to update security policies and keep your organization protected. 

    Cybersecurity is facing a growing wave of sophisticated attacks as adversaries continue to blend legitimate behaviors with malicious intent. According to Mimecast’s H2 2024 Threat Intelligence Report, threat actors are consistently finding new ways to exploit trusted systems, evade detection, and launch large-scale campaigns. 

    Cyberthreat Trends During July-December 2024

    Mimecast’s latest report reveals recurring patterns among cybercriminals’ methods. These include the exploitation of well-known, trusted services like Microsoft or DocuSign, and the use of tools originally designed for legitimate purposes, such as red team software, to bypass security. Such tactics create challenges for organizations, as detecting malicious activity becomes more technically complex.

    One alarming trend is the increase in attackers leveraging compromised consumer routers. By using these devices as proxies, they send spoofed phishing communications at scale, obscuring their infrastructure and enabling high-volume credential theft. ISPs with inadequate anti-spam measures and weak email authentication are particularly vulnerable. This exploitation, combined with low-cost setups and minimal disruption to operations, has allowed large-scale email campaigns to flourish.

    Meanwhile, "living off trusted services" (LOTS) — a technique where attackers use legitimate platforms such as Amazon S3 or BIGLOBE — is on the rise. This method makes detecting malicious activity much harder. By blending seamlessly into business workflows, these actors often go unnoticed until it’s too late.

    Deceptive Techniques Evolve

    Cybercriminals are also becoming more creative with their lures, often combining technical manipulation with psychological strategies to exploit victims’ trust. Examples of deceptive techniques include the following:

    • Copy/paste scams: These emails feature broken or malformed links designed to bypass automated defenses. The messages instruct recipients to copy and paste the link into their browser, fooling email scanners and security controls. Pairing this with QR codes and phone-based scare tactics has made these campaigns exceptionally effective at gathering sensitive data.
    • Audio deepfakes: Audio deepfake technology is also emerging as a highly convincing method to deceive employees in industries such as banking and insurance. Attackers send phishing emails through platforms like DocuSign, pairing them with fake audio calls that use deepfake software to impersonate C-suite executives or trusted business contacts. These calls are often used to authorize fraudulent activities, such as transferring funds or providing sensitive information.
    • Facebook job scams: A uniquely alarming trend targets victims through fake job offers sent via a legitimate recruitment platform, Recruitee. By setting up lookalike domains that mimic high-profile brands, attackers lure individuals into providing their Facebook credentials using phishing pages enhanced with CAPTCHAs to avoid suspicion. These campaigns have seen growing success in the media, publishing, and retail industries.
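
A detection sketch for the copy/paste lure described above, added here as an example and not taken from the Mimecast report: it flags a message body that pairs a hand-carry instruction with text that only becomes a URL after repair. The breakage styles it repairs, the instruction wording, and the sample bodies are assumptions constructed for illustration.

```python
import re

# Wording that asks the reader to carry a link into the browser by hand.
INSTRUCTION = re.compile(
    r"copy\s*(?:and|&|/)\s*paste"
    r"|paste\s+(?:it|this|the\s+(?:link|url|address))\s+in(?:to)?\s+(?:your|the|a)\s+browser",
    re.I,
)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

# Assumed breakage styles (the report summary does not enumerate them):
# "hxxp" schemes, bracketed dots, and whitespace inside the scheme or host.
REPAIRS = [
    (re.compile(r"hxxp(s?)", re.I), r"http\1"),
    (re.compile(r"\s*[\[({]\s*(?:\.|dot)\s*[\])}]\s*", re.I), "."),
    (re.compile(r"(https?)\s*:\s*/\s*/\s*", re.I), r"\1://"),
    (re.compile(r"(?<=\w)\s+\.\s*(?=\w)"), "."),
]

def extract_urls(text):
    return [u.rstrip(".,;:!?)") for u in URL.findall(text)]

def repair(text):
    for pattern, replacement in REPAIRS:
        text = pattern.sub(replacement, text)
    return text

def find_copy_paste_lure(body):
    """Flag bodies that pair a hand-carry instruction with a link that only
    becomes a URL after repair, i.e. one a link scanner would not have seen."""
    intact = set(extract_urls(body))
    broken = [u for u in extract_urls(repair(body)) if u not in intact]
    instructed = INSTRUCTION.search(body) is not None
    return {"instruction": instructed, "broken_links": broken,
            "suspicious": instructed and bool(broken)}

# Constructed sample bodies; the .example hosts are placeholders.
LURE = ("Your invoice is ready. The link is not clickable for your protection.\n"
        "Copy and paste it into your browser:\n"
        "hxxps://billing-portal[.]example/view?id=123\n")
SPACED = "Please copy/paste: https ://login .example/reset"
BENIGN = "To join, copy and paste https://meet.example/room-42 into your browser."

if __name__ == "__main__":
    for name, body in [("LURE", LURE), ("SPACED", SPACED), ("BENIGN", BENIGN)]:
        print(name, find_copy_paste_lure(body))
```

The repaired URLs in `broken_links` can be passed to the same reputation and sandbox checks applied to clickable links; the benign sample is not flagged because its link was intact and already visible to scanning.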

    The Consequences of Unchecked Threats

    Failure to address these emerging threats puts organizations at increased risk of data breaches, financial losses, and reputational damage. The shift towards exploiting trusted systems means traditional security measures, like spam filters and antivirus software, may fail to detect malicious activities.

    Additionally, these campaigns often operate globally, targeting diverse industries such as financial services, manufacturing, and hospitality, underscoring the need for a collaborative global approach to cybersecurity.

    Secure Your Organization Now

    Organizations must adopt proactive tactics to combat these evolving threats. Key strategies include implementing robust email authentication protocols, training employees on recognizing deceptive phishing tactics, and investing in advanced threat detection systems capable of monitoring both legitimate and suspicious activities within trusted workflows.

    To gain deeper insights into these challenges and learn how to better protect your business, read the full H2 2024 Threat Intelligence Report.
