Top 3 insights from the Q2 2024 Threat Report

Cato CTRL (Cyber ​​Threat Research Lab) has released the Cato CTRL SASE Threat Report for Q2 2024. The report highlights key findings based on the analysis of a massive 1.38 trillion network flows collected from April to June 2024 from Cato’s 2,500+ customers worldwide.

Key Insights from the Cato CTRL SASE Threat Report, Q2 2024

This report is packed with unique insights based on in-depth data analysis of network flows. Three key insights for businesses are:

1) IntelBroker: A Persistent Threat Actor in the Cyber ​​Underground

After extensive research in the hacking community and the dark web, Cato CTRL identified a notorious threat actor known as IntelBroker, a prominent figure and moderator within the BreachForums hacking community who has been actively involved in selling data and source code from major organizations such as AMD, Apple, Facebook, KrypC, Microsoft, Space-Eyes, T-Mobile, and the US Army Aviation and Missile Command.

2) 66% of brand impersonation cases are focused on Amazon

Cybersquatting is the practice of counterfeiting a brand’s domain name in order to profit from its registered trademark. According to the report, the most frequently counterfeited brand was Amazon, with 66% of those domains targeting the retail giant. Google came in a distant second with 7%.

3) Log4j still Being exploited

Despite being discovered in 2021, Log4j vulnerabilities remain a favored tool among threat actors. From Q1 to Q2 2024, Cato CTRL recorded a 61% increase in Log4j exploit attempts in inbound traffic and a 79% increase in WAN-bound traffic. Similarly, Oracle WebLogic vulnerabilities first identified in 2020 saw a 114% increase in exploit attempts within WAN-bound traffic over the same period.

Security Recommendations

Based on the report’s findings, Cato CTRL advises organizations to adopt the following best practices:

1. Regularly monitor dark web forums and marketplaces for mentions of your company’s data or credentials being offered for sale.
2. Employ tools and techniques to detect and mitigate phishing and other attacks that use cybersquatting.
3. Establish a proactive patching schedule that focuses on critical vulnerabilities, especially those that are actively targeted by threat actors, such as Log4j.
4. Create a step-by-step plan for responding to a data breach.
5. Adopt an “assume breach” mindset using methods such as ZTNA, XDR, and pentesting.
6. Develop an AI governance strategy.

For additional recommendations, including more details, please see the report.