The global spending on cybersecurity is set to exceed .63 trillion by 2029, primarily due to basic cybersecurity failures rather than sophisticated attacks. Common vulnerabilities exploited include those in file transfer software, VPNs, and other systems, highlighting the critical need for organizations to improve their cyber hygiene practices like patching and proper configurations. Affected: Cybersecurity sector, manufacturing, finance and insurance
Keypoints :
- Global cybersecurity spending is projected to reach over .63 trillion by 2029.
- Much of the financial loss is due to neglected cybersecurity basics.
- Common cyber vulnerabilities exploited in 2024 include problems with file uploads, VPN weaknesses, and command injections.
- Major industries affected by breaches include manufacturing and finance.
- Basic cybersecurity hygiene practices are critical to preventing breaches.
- Many organizations still fail to implement essential measures like multi-factor authentication and timely patching.
MITRE Techniques :
- T1190 – Exploit Public-Facing Application: Exploited vulnerabilities in applications like CLEO and BeyondTrust.
- T1203 – Credential Dumping: Attacks on Ivanti VPNs involved delaying patches and poor configurations.
- T1202 – Exploit for Client Execution: Remote Code Execution via vulnerabilities in Atlassian Confluence.
- T1078 – Valid Accounts: Utilizing poor authentication controls in ConnectWise Screen for unauthorized access.
- T1486 – Data Encrypted for Impact: Ransomware targeting VMware ESXI Hypervisors based on poor integration.
Indicator of Compromise :
- [CVE] CVE-2024–50623
- [CVE] CVE-2023–46805
- [CVE] CVE-2024–21887
- [CVE] CVE-2024–12356
- [CVE] CVE-2023–22527