2024: Sysdig Cyber Strategist Reviews the Year’s Threats

Reviewing the past can help enterprises prepare for the future. PICTURE: Getty
Sysdig Cybersecurity Strategist Crystal Morin talks through the company's 2024 Global Threat Year-in-Review and the lessons that can be carried into 2025

2024 was a tumultuous year for the cybersphere. 

A surge in DDoS attacks, AI put to work by attackers, and some of the biggest breaches the sector has seen, concentrated in a handful of industries. The digital frontier keeps shifting, which makes it hard to recap which threats mattered most, and to whom.

However, it is from these past events that we can learn. Often, new tactics rise from the ashes. 

So, to review this year and remind ourselves what to look out for, we spoke with Crystal Morin, Cybersecurity Strategist at Sysdig, about the company's 2024 Global Threat Year-in-Review.

Crystal Morin, Cybersecurity Strategist at Sysdig

LLMjacking: the new face of exploitation

One of the most alarming discoveries this year is LLMjacking.

Explaining this innovative attack, Crystal says: “The newest type of attack the Sysdig Threat Research Team (TRT) identified this year was something we called LLMjacking. An attacker is looking to use your organisation’s resources, though in this case, they’re looking for access to a large language model (LLM).”

Unlike traditional cryptojacking, where criminals burn stolen compute to mine cryptocurrency, LLMjacking turns a compromised account's access to hosted large language models into the attacker's own, leaving the victim to pay for the consumption. The consequences can be financially catastrophic: Crystal noted cases where resource consumption costs ranged from US$46,000 to US$100,000 in a single day.

This is not merely a hypothetical threat. Crystal highlighted a real-world instance where an individual's compromised account resulted in a massive cloud bill spike.

She recommended securing enterprise accounts, real-time usage monitoring, and understanding baseline network behaviours to mitigate such risks. These practical measures help organisations identify anomalies quickly, potentially averting major financial losses.
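The usage-monitoring and baselining advice above is the part a defender can actually automate. The block below is an added example, not code from the article or from Sysdig: it reads JSON audit lines describing model invocations, bucketizes them per principal and hour, learns each principal's own median hourly call volume, and alerts when an hour exceeds that baseline by a configurable factor, attaching an estimated spend. It assumes the provider emits one CloudTrail-shaped record per invocation (eventTime, userIdentity.arn, requestParameters.modelId, token counts in responseElements); the article names no provider, so the field layout, the principal names, the per-token price table and the sample events are all constructed for illustration.

```python
"""Flag a burst of LLM invocations against a per-principal baseline.

Added example (not code from the article or from Sysdig). It assumes the
cloud provider emits one audit record per model invocation shaped like a
CloudTrail event: eventTime, userIdentity.arn, requestParameters.modelId
and token counts in responseElements. The article names no provider; the
field layout and the per-token prices below are illustrative assumptions.
"""
from collections import defaultdict
from datetime import datetime
import json
import statistics

# Assumed price table: (USD per 1k input tokens, USD per 1k output tokens).
PRICE_PER_1K = {"model-large": (0.003, 0.015), "model-small": (0.00025, 0.00125)}


def parse_event(line):
    """Pull the fields the detector needs out of one JSON audit line."""
    ev = json.loads(line)
    return {
        "time": datetime.fromisoformat(ev["eventTime"].replace("Z", "+00:00")),
        "principal": ev["userIdentity"]["arn"],
        "model": ev["requestParameters"]["modelId"],
        "in_tok": ev["responseElements"].get("inputTokens", 0),
        "out_tok": ev["responseElements"].get("outputTokens", 0),
    }


def hourly_usage(events):
    """Bucket invocations per (principal, hour): call count and estimated spend."""
    usage = defaultdict(lambda: {"calls": 0, "usd": 0.0})
    for e in events:
        hour = e["time"].replace(minute=0, second=0, microsecond=0)
        in_price, out_price = PRICE_PER_1K.get(e["model"], (0.0, 0.0))
        bucket = usage[(e["principal"], hour)]
        bucket["calls"] += 1
        bucket["usd"] += e["in_tok"] / 1000 * in_price + e["out_tok"] / 1000 * out_price
    return usage


def detect_bursts(usage, min_history=3, factor=5.0):
    """Alert when an hour's call count exceeds `factor` x the principal's own
    median over earlier hours. A principal with fewer than `min_history`
    hours has no baseline yet and is skipped rather than guessed at."""
    by_principal = defaultdict(list)
    for (principal, hour), bucket in usage.items():
        by_principal[principal].append((hour, bucket))
    alerts = []
    for principal, rows in by_principal.items():
        rows.sort(key=lambda r: r[0])
        for i, (hour, bucket) in enumerate(rows):
            history = [r[1]["calls"] for r in rows[:i]]
            if len(history) < min_history:
                continue
            baseline = statistics.median(history)
            if bucket["calls"] > factor * max(baseline, 1):
                alerts.append({
                    "principal": principal,
                    "hour": hour.isoformat(),
                    "calls": bucket["calls"],
                    "baseline_calls": baseline,
                    "estimated_usd": round(bucket["usd"], 2),
                })
    return alerts


def analyse(lines):
    """End-to-end: raw JSON lines in, list of burst alerts out."""
    return detect_bursts(hourly_usage(parse_event(line) for line in lines))


# ---- Constructed sample input (not real telemetry) ----
def _constructed_event(ts, arn, model, in_tok, out_tok):
    return json.dumps({
        "eventTime": ts, "eventName": "InvokeModel",
        "userIdentity": {"arn": arn},
        "requestParameters": {"modelId": model},
        "responseElements": {"inputTokens": in_tok, "outputTokens": out_tok},
    })

DEV_CI = "arn:aws:iam::123456789012:user/dev-ci"          # assumed principal, later abused
DATA_SCI = "arn:aws:iam::123456789012:role/data-science"  # assumed steady heavy user
SAMPLE_LINES = []
for hour, n in zip(range(8, 12), (2, 3, 2, 3)):  # dev-ci: a handful of small calls per hour
    SAMPLE_LINES += [_constructed_event(f"2024-11-04T{hour:02d}:{m:02d}:00Z", DEV_CI, "model-small", 500, 200)
                     for m in range(n)]
SAMPLE_LINES += [_constructed_event(f"2024-11-04T12:{i // 20:02d}:{i % 20 * 3:02d}Z", DEV_CI, "model-large", 8000, 2000)
                 for i in range(1200)]                 # dev-ci: 1,200 large-model calls in one hour
for hour in range(8, 13):                              # data-science: 20 calls every hour, no alert expected
    SAMPLE_LINES += [_constructed_event(f"2024-11-04T{hour:02d}:{m:02d}:00Z", DATA_SCI, "model-large", 2000, 500)
                     for m in range(20)]

if __name__ == "__main__":
    for alert in analyse(SAMPLE_LINES):
        print(alert)
```

Two design points matter in practice. The baseline is per principal, so a data-science role that legitimately makes hundreds of calls an hour does not drown out a CI user that normally makes two; and the spend estimate is attached to the alert so the on-call engineer can see immediately whether this is a bill worth paging for. Token prices change and differ per model, so the price table must be kept current for the estimate to mean anything.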

Open source tools: a double-edged sword

Another significant trend is the misuse of open-source tools by attackers. These tools, often used by security teams for legitimate purposes, are increasingly being exploited for malicious campaigns. 

“There is a commonality between security teams and attackers both using open-source tools and software to reduce spend, burnout, and improve processes,” Crystal explains.

She detailed the CRYSTALRAY campaign, where attackers repurposed tools like SSH-Snake and Sliver to target over 1,500 victims. This misuse underscores the importance of understanding user behaviour within an organisation.

Crystal emphasises the value of identifying anomalies, such as an HR employee deploying a security tool, as an indicator of potential misuse.

While open-source tools remain vital for security teams, this trend reinforces the necessity of vigilance in monitoring their use. Differentiating between legitimate and illegitimate activities is crucial to maintaining a robust defensive posture.

Future threats and proactive security measures

Looking ahead, Crystal shared her predictions about the evolving threat landscape.

Among them is the resurgence of DDoS attacks, which she warned may serve as distractions for more covert malicious activities. Additionally, the increased use of LLMs is expected to fuel sophisticated attacks like multi-factor authentication (MFA) bypassing and prompt injection.

Crystal also highlights a critical need to streamline cloud identity management. “Our threat research team found that 98% of granted permissions go unused,” she says, pointing to over-permissioned accounts as a major weakness.
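The gap between granted and used permissions is something a team can measure from its own audit logs before deciding what to cut. The block below is an added example, not code from the article or from Sysdig: it expands IAM-style wildcard grants against an action catalogue, collects the actions a principal actually exercised from JSON audit records, reports the unused fraction, and emits the least-privilege statement that would cover only what was used. The "service:Action" grammar and the eventSource/eventName record fields follow the CloudTrail layout; the action catalogue, the over-broad policy and the sample log lines are constructed for illustration and far smaller than any real service's action list.

```python
"""Measure how much of a granted permission set is actually used, and emit
the least-privilege equivalent.

Added example, not code from the article or from Sysdig. It assumes
IAM-style "service:Action" permission strings with "*" wildcards, and audit
records that carry eventSource and eventName (CloudTrail layout). The action
catalogue is a constructed partial list for illustration; real services
expose far more actions, and a real tool would load the full catalogue.
"""
from fnmatch import fnmatchcase
import json

# Constructed partial catalogue of actions per service (assumption, not exhaustive).
ACTION_CATALOGUE = {
    "s3": ["GetObject", "PutObject", "DeleteObject", "ListBucket", "DeleteBucket", "PutBucketPolicy"],
    "ec2": ["DescribeInstances", "DescribeVolumes", "RunInstances", "TerminateInstances"],
    "iam": ["PassRole", "CreateUser", "AttachUserPolicy"],
    "lambda": ["InvokeFunction", "CreateFunction", "UpdateFunctionCode", "DeleteFunction"],
}


def expand_granted(patterns, catalogue=ACTION_CATALOGUE):
    """Resolve wildcard grants such as 's3:*' or 'ec2:Describe*' to concrete actions."""
    granted = set()
    for pattern in patterns:
        service, action_glob = pattern.split(":", 1)
        for service_name, actions in catalogue.items():
            if fnmatchcase(service_name, service):
                granted.update(f"{service_name}:{a}" for a in actions if fnmatchcase(a, action_glob))
    return granted


def observed_actions(lines):
    """Collect 'service:Action' strings from JSON audit lines (successful calls only)."""
    used = set()
    for line in lines:
        ev = json.loads(line)
        if ev.get("errorCode"):  # denied or failed calls are not evidence of need
            continue
        service = ev["eventSource"].split(".")[0]
        used.add(f"{service}:{ev['eventName']}")
    return used


def right_size(patterns, lines):
    """Compare what was granted with what was exercised and build the minimal grant."""
    granted = expand_granted(patterns)
    used = observed_actions(lines)
    exercised = granted & used
    unused = granted - used
    return {
        "granted_count": len(granted),
        "used_count": len(exercised),
        "unused_ratio": len(unused) / len(granted) if granted else 0.0,
        "unused": sorted(unused),
        "not_granted_but_used": sorted(used - granted),  # would show up as AccessDenied in reality
        "least_privilege_policy": {
            "Version": "2012-10-17",
            # Resource is left as "*" here; scoping it to specific ARNs is the next step.
            "Statement": [{"Effect": "Allow", "Action": sorted(exercised), "Resource": "*"}],
        },
    }


# ---- Constructed sample input (not real data) ----
GRANTED = ["s3:*", "ec2:Describe*", "iam:PassRole", "lambda:*"]  # assumed over-broad policy
SAMPLE_LOG = [
    json.dumps({"eventSource": "s3.amazonaws.com", "eventName": "GetObject"}),
    json.dumps({"eventSource": "s3.amazonaws.com", "eventName": "ListBucket"}),
    json.dumps({"eventSource": "s3.amazonaws.com", "eventName": "GetObject"}),
    json.dumps({"eventSource": "lambda.amazonaws.com", "eventName": "InvokeFunction"}),
    json.dumps({"eventSource": "iam.amazonaws.com", "eventName": "CreateUser", "errorCode": "AccessDenied"}),
]

if __name__ == "__main__":
    print(json.dumps(right_size(GRANTED, SAMPLE_LOG), indent=2))
```

Two caveats a practitioner would add. The observation window has to be long enough to cover rare but legitimate actions (quarterly jobs, disaster-recovery runbooks), or the right-sized policy will break them; and failed or denied calls are deliberately excluded, because an attacker probing with a stolen key must not be allowed to "teach" the tool that those actions are needed.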

She proposes adopting the “555 Benchmark for Cloud Detection and Response”: detecting an attack within 5 seconds, investigating within 5 minutes, and initiating a response in another 5 minutes.

Ultimately, organisations are being urged to prioritise the basics, such as restricting access permissions, monitoring behaviour, and responding swiftly to threats.

Proactive measures today could prevent tomorrow’s headlines, as attackers continue to exploit technological advances to their advantage.

Cyber Magazine is a BizClik brand