The report highlights significant changes in the cybersecurity landscape, driven by sophisticated threat actors, an expanding attack surface and the transformative power of AI.
“Armed with a newfound arsenal of AI-based capabilities and a landscape littered with vulnerable systems, cybercriminals are having a moment,” said Noopur Davis, Chief Information Security and Product Privacy Officer, Comcast Corporation.
Our findings confirm that despite these advancements, a multi-layered approach combining advanced protection, detection, managed services, and vigilant maintenance of security practices can help enterprises protect their digital assets and enhance their resilience against sophisticated threats.
This report offers a comprehensive overview of the rapidly evolving global cyber threat landscape, based on cybersecurity events detected by Comcast Business across its security customers in 2023. The report highlights an intensifying global threat landscape, including the following:
- AI amplifies cyber risks but offers powerful tools to mitigate threats.
For both bad actors seeking to steal corporate data and IT security professionals tasked with protecting it, AI is changing the rules of engagement. Defenders are increasingly utilizing AI and machine learning to analyze malware and log data at scale, as well as to scan entire systems for anomalies and automatically respond to threats. AI can act as a force multiplier for defensive teams working to safeguard their organizations and data.
- Phishing attacks are on the rise, threatening businesses worldwide.
Phishing remains the primary method used by attackers to gain initial access to networks, with over 2.6 billion interactions detected by Comcast Business. Additionally, over 90% of the phishing interactions Comcast Business blocked were designed to direct victims to phishing sites hosting malware. The trend underscores the need for robust anti-phishing technologies, user education, and email gateway platforms to combat this growing threat.
- Bad actors are employing advanced lateral movement techniques to navigate networks.
Remote services were the most exploited method for lateral movement, with over 409 million events detected by Comcast Business. Employing tools like Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) can help IT staff identify early-stage threats by monitoring network activity for anomalies in user behavior. They help protect devices connected to enterprise networks by using AI to proactively detect, investigate, remove, and remediate malware, phishing, and ransomware.
- Attackers are increasingly using encrypted channels and proxies to hide their command and control (C&C) communications.
By exploiting these protocols, attackers can mask their malicious activities and evade detection. Domain Name System (DNS) tunneling remains a popular technique to bypass traditional security measures, with over eight million observed events. Similarly, Transmission Control Protocol (TCP) was used in 104,000 events to provide reliable communication channels, often with encrypted payloads that further obscure malicious activities. The use of Windows Remote Management (WinRM), which saw nearly 78 million events, was also prevalent. These methods underscore the need for sophisticated detection tools to identify and mitigate covert malicious activities.
- Distributed Denial of Service (DDoS) attacks and ransomware pose significant risks.
Comcast Business identified and blocked over one billion attempts to destroy data. Additionally, there were more than 126 million blocked instances of malware or botnets designed specifically for financial theft, underscoring the financial motivations behind many cyber-attacks. DDoS attacks remained a major threat to Comcast Business customers, with 103,000 reported events. This surge emphasizes the need for robust DDoS protection and mitigation strategies.
The report provides CISOs, CIOs, and security leaders with a deep dive into how cyber threats can breach and then spread across global networks. This analysis enables them to make informed security decisions for protecting critical assets. The report's trends and findings underscore the importance of adopting a multi-layered approach to cybersecurity to bolster defenses against evolving global threats.
To learn more about Comcast Business’s advanced cybersecurity solutions, or to access the full 2024 Comcast Business Cybersecurity Threat Report, please visit: https://business.comcast.com/enterprise/products-services/cybersecurity-services.