It is with great interest and growing concern that we present our findings for the 2024 Annual Darktrace Threat report. At Darktrace, we approach threat intelligence with a non-traditional perspective, rooted in the belief that identifying behavioral anomalies is crucial for detecting both known and emerging threats in the landscape.
While continuing to understand the threat landscape, we have also shifted to a more proactive approach to applying our methodologies across different data elements, threat hunting techniques, and community engagement across the cyber industry.
We believe this type of approach will not only improve early warnings to our customers but also provide insight into different critical infrastructure sector issues for the broader community. As we continue to evolve in an increasingly digital world, there are a few takeaways and observations that we would like to highlight. Attackers are focusing more on evasion via edge device vulnerabilities and Living-off-the-Land (LOTL) techniques, while also taking advantage of compromised Software-as-a-Service (SaaS) credentials, highlighting that identity continues to be an expensive problem across the estate and a persistent source of pain across enterprise and business networks.
Throughout 2024, we observed multiple threat trends across Critical National Infrastructure (CNI), with one key observation being the intensified race to identify software vulnerabilities. In 2020, MITRE listed roughly 18,000 vulnerabilities, while the current list for 2024 exceeds 29,000.