Cyber Threat Index 2024: Scans, Honeypots, and CVEs
Once upon a time, cybersecurity and cyber insurance may have seemed like an unlikely partnership. However, recent years have shown us that, together, they can provide businesses with valuable insights into cyber risk.
As security practitioners, we understand the volatility of the cyber landscape. We observe threat actors pivot tactics, vulnerabilities proliferate, and attack surfaces grow as businesses offer more digital services. As insurers, we see firsthand how cyber incidents can disrupt business operations and harm profitability.
Combining the two perspectives — the appreciation of dynamic uncertainty from security and the loss quantification from cyber insurance — gives us insight into how businesses can continuously prioritize security to avoid disruptive cyber incidents.
Coalition continuously collects threat intelligence that builds a granular and accurate view of the cyber risks that require immediate attention from policyholders. We combine that data with proprietary claims and underwriting data to create prioritized remediation steps. But we also look beyond our policyholder base. Our mission is to protect the unprotected, so we aim to share our perspective on the cyber threat landscape with all businesses in order to help them actively reduce their risk posture.
To that end, I'm proud to announce the Coalition Cyber Threat Index 2024 is available today. This year’s report goes beyond our internet scanning dataset — our researchers have included insights and analysis gleaned from the high-profile vulnerabilities that impacted organizations of all sizes in 2023, and boy was it a busy year.
Scans, honeypots shed light on security pitfalls
Coalition's policyholder base ranges from small businesses with low security maturity to enterprise organizations with complex networks and robust security teams. So, how do we assess and manage our policyholders' cyber risk exposure? A big piece of the puzzle is understanding what defenders, often unintentionally, expose to the internet. Threat actors are also looking for these assets for easy access.
We regularly scan not only our policyholders, but also 52 billion IP addresses on the public internet. By pairing the results of our scan data with insights from our global network of honeypots, we uncover the intersection between technologies exposed to the public internet and technologies cybercriminals are actively seeking to exploit.
Threat actors continue to exploit notoriously risky technologies that make it easy for them to gain unauthorized access. Despite this, many organizations persist in using known risky technologies, including outdated and unsupported products. Some key findings from our report include:
Scans from unique IPs looking for risky technologies (like Remote Desktop Protocol) increased by 59%
More than 10,000 businesses are running the end-of-life database Microsoft SQL Server 2000
In short, the technology decisions organizations make can greatly affect their security posture, whether or not they experience an adverse cyber incident.
Vulnerabilities continued to proliferate, challenging defenders
Once an asset has been exposed to the internet, the organization must regularly apply security patches to avoid compromise. This is no small feat, given that thousands of vulnerabilities are discovered monthly. While most vulnerabilities pose little threat, cybercriminals will inevitably exploit others. No team can address over 2,000 vulnerabilities every month, so prioritization becomes essential.
The exciting part of working in security research at Coalition is when all the data comes together to provide a pragmatic perspective on which vulnerability warrants immediate attention.
By combining cyber insurance, security, and claims data, we learn which technologies are so critical that they would have severe financial implications for policyholders if they were exploited directly or via the supply chain.
Of course, Coalition has skin in the game when it comes to helping businesses reduce their cyber risk. The 2024 Cyber Threat Index dives into trends from notorious Common Vulnerabilities and Exposures (CVEs) and evaluates the different data sources that help defenders prioritize threats.
Some key findings include:
We expect nearly 35,000 CVEs in 2024 — a 25% increase from the first 10 months of 2023
Honeypot activity spiked by 1,000%, more than two weeks before the MOVEit security advisory was issued
By evaluating vulnerabilities with data, organizations can make effective decisions to mitigate the vulnerabilities that pose the greatest threat to their operations.
Deepen your knowledge of the cyber landscape
The Cyber Threat Index 2024 is the culmination of our view into cyber risk. By sharing this information with the security community and the businesses they defend, we hope they will have a new understanding of how vulnerabilities, threat actor behavior, and internet exposures contribute to cyber attacks.
Download the Cyber Threat Index 2024.