Malware-as-a-Service accounts for 57 percent of all threats

No Comments

A new report from Darktrace reveals that Malware-as-a-Service (MaaS) is now responsible for 57 percent of all cyber threats to organizations, a 17 percent increase from the first half of 2024.

The use of remote access trojans (RATs) has also seen a significant increase in the latter half of last year, representing 46 percent of campaign activity identified, compared to only 12 percent in the first half.

Phishing remains attackers' preferred technique, with over 30.4 million phishing emails detected across Darktrace's customer base between December 2023 and December 2024. The techniques observed highlight how threat actors continue to curate more targeted and sophisticated emails to improve the success of their campaigns. Of all the phishing emails detected in 2024 38 percent were spear-phishing attempts, tailored attacks on high value individuals, while 32 percent used novel social engineering techniques like QR codes and AI generated text.

What's also concerning is that 70 percent of phishing emails successfully passed the widely used DMARC authentication approach and 55 percent passed through all existing security layers before Darktrace detection.

Nathaniel Jones, VP of threat research at Darktrace, says, "Email is at the forefront of the evolving threats we're seeing across the threat landscape. Ransomware-as-a-Service tools, combined with the growing use of AI, are allowing even low-skilled attackers to engineer convincing, targeted email attacks at scale, and making it harder than ever for traditional security measures to keep up."

Some of the most significant campaigns observed in 2024 involved the ongoing exploitation of vulnerabilities in edge and perimeter network technologies, with 40 percent of identified campaign activity in the first half of the year involving the exploitation of internet-facing devices.

"The combination of Cybercrime-as-a-Service, automation and AI are increasing the sophistication and diversity of attack techniques faster than ever -- from AI-enhanced phishing campaigns to evolving ransomware strains," adds Jones. "Detecting and responding to threats in progress is no longer sufficient. Organizations must prioritize cyber resilience by proactively addressing weaknesses across systems, people, and data before attackers can exploit them."

You can find out more on the Darktrace blog.

Image credit: solarseven/depositphotos.com

No Comments
Got News? Contact Us

Recent Headlines

Amazon kills its Android Appstore while Google Play remains the go-to choice

Mobile-first phishing attacks surge as specific capabilities are targeted

Cybersecurity professionals not happy in their jobs

Public sector professionals worried about the security risks of AI

Meta announces that Facebook Live videos will no longer be saved forever

Microsoft issues yet another reminder that it is killing off WSUS driver synchronization soon

Microsoft’s Majorana 1 quantum chip could break encryption and expose your data to hackers

Most Commented Stories

Who needs Windows 11? FreeXP is a modern version of Microsoft's greatest OS, powered by Debian Linux

46 Comments

Windows 12 won't pull me away from Linux unless Microsoft fixes these 5 things

45 Comments

AR OS 2 is everything we want Windows 12 to be -- and more

38 Comments

Google is the latest tech firm to drop diversity hiring targets following Trump’s executive orders

24 Comments

Oreon 10, our favorite Windows replacement, has just been updated -- and it's about to get much, much better!

14 Comments

Transform Windows 10 or 11 into Windows 7 in just five clicks

14 Comments

Microsoft is forcing the new Outlook for Windows app on Windows 10 users with the mandatory KB5051974 update

11 Comments

Microsoft and Apple should take a long hard look at Elon Musk’s ‘Big Balls’

10 Comments

© 1998-2025 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.