Foreword

During 2024, ransomware groups continued to rampage, with attacks continuing to grow in both sophistication and volume. Infostealers remain a top threat to organizations, as threat actors utilize stolen credentials to gain access to networks quickly and silently. AI continues to revolutionize the cybersecurity landscape, with significant potential to help security teams combat threats, as well as for exploitation in the hands of threat actors.

Surprisingly, the biggest cyber incident of the year, the CrowdStrike crash on July 19, which took millions of systems offline, was not a cyberattack. A problematic update pushed by the cybersecurity company reportedly caused 8.5 million systems to crash, and caused ~$5.4 billion in damages. [1]

Advancements in AI

Generative AI (GenAI) is transforming cybersecurity by enhancing tools for threat detection, automating responses and predicting emerging risks. By analyzing vast amounts of data, GenAI can identify patterns and anomalies that might go unnoticed by traditional systems, allowing for faster and more accurate threat detection. Additionally, AI-driven tools are being used for automated vulnerability assessments and generating real-time threat intelligence. GenAI streamlines incident response by swiftly analyzing breaches and executing initial measures. As threats grow more sophisticated and bad actors often leverage AI tools themselves, GenAI is becoming an indispensable resource for security teams in defending against these evolving challenges.

In the past year, the LUMINAR Threat Intelligence Team has integrated generative AI into its systems, enhancing risk scoring and automatic data classification.
In 2023, Cognyte developed a GenAI dashboard for LUMINAR, utilizing a proprietary threat intelligence repository with evidence-based data on global cybersecurity incidents from the past decade. For the analysis in this report, the team utilized AI-driven insights alongside LUMINAR's extensive data from diverse sources, including hacking forums, dark web marketplaces, ransomware leak sites, Telegram, commercial feeds, and other proprietary sources.

The Impact of Armed Conflicts

As armed conflicts intensified around the world, 2024 also provided a frightening reminder about how cyber activities support physical operations in war. In January 2024, it was reported that Russian military intelligence hacked public and privately owned camera feeds all over Ukraine. The hacked cameras were used for reconnaissance and for BDA (Bomb Damage Assessment) after the attack, to ensure it succeeded. [2]