As we close out 2024, it’s essential to reflect on the cybersecurity landscape and highlight the most significant vulnerabilities and trends that have impacted businesses this year. For SMEs and organisations alike, staying ahead of cyber threats is crucial to protecting sensitive data, maintaining business continuity, and safeguarding customer trust. We’ve seen a myriad of new cyberthreats, alongside some key new technologies that could help businesses can fortify their security posture for the future.

1. Palo Alto Networks PAN-OS Vulnerabilities

One of the most critical vulnerabilities uncovered in 2024 was a command injection flaw in the GlobalProtect feature of Palo Alto Networks’ PAN-OS software (CVE-2024-3400). This vulnerability allowed attackers to execute arbitrary code with root privileges on affected firewalls, leaving networks exposed to significant risks. The flaw was actively exploited before patches were made available, underscoring the importance of timely updates and proactive configuration reviews. For SMEs relying on network firewalls for protection, this is a stark reminder to stay up to date with vendor security advisories and patching protocols to prevent exploitation.

To mitigate risks businesses must ensure that firewalls and security devices are patched promptly, and that configurations are regularly reviewed to eliminate any potential weaknesses.

2. Active Directory Certificate Services (ADCS) Misconfigurations

Misconfigurations in Active Directory Certificate Services (ADCS) remained a key vulnerability in 2024. These issues often occur when certificate settings are too relaxed or not set up correctly, which can allow cybercriminals to gain elevated access or take control of entire systems. Since ADCS is a critical part of many businesses’ IT setups, even small mistakes can create big security risks, exposing sensitive data and vital systems.

You can reduce these risks by reviewing and tightening your certificate settings, ensuring only the right permissions are granted, and keeping an eye on your systems with regular monitoring to catch and fix issues early.

3. CrowdStrike Falcon Sensor Incident

While CrowdStrike’s Falcon endpoint detection and response (EDR) solution is widely regarded as one of the best in the industry, a problematic update in July 2024 caused major disruption. The update led to millions of Windows devices experiencing blue screen errors and boot loops, impacting critical industries globally. Although the issue was eventually resolved, the incident highlighted the risks posed by vendor errors in security software updates. For SMEs, it emphasises the importance of planning for continuity and ensuring their business-critical systems can remain operational in the event of similar failures.

As a result of this incident, businesses were prompted to review their disaster recovery plans to ensure they can effectively respond to a kernel-level bug of this nature. Preparing for such scenarios has become a key focus to minimise disruption and maintain operational resilience.

4. Multi-Factor Authentication (MFA) Bypass Tactics

Despite its effectiveness in improving security, Multi-Factor Authentication (MFA) became a major target for attackers in 2024. Sophisticated phishing campaigns, social engineering tactics, and even MFA fatigue attacks, where users are bombarded with repeated push notifications, made bypassing MFA protections easier for attackers. Additionally, token theft via browser session hijacking proved that MFA is not invulnerable without additional safeguards.

To better protect your business, you can implement MFA with stronger safeguards, such as conditional access policies or phishing-resistant methods, and train staff to recognise phishing attempts and MFA fatigue tactics. This ensures MFA is a reliable defence rather than a vulnerability.

5. AI-Driven Phishing Campaigns

Artificial intelligence (AI) made its mark in 2024 by transforming phishing attacks into more sophisticated, personalised threats. AI tools enabled attackers to craft highly convincing phishing emails and messages at scale, bypassing traditional spam filters and tricking even the most vigilant users. By mimicking human communication styles and adapting in real time, AI-driven phishing campaigns have become far more effective and difficult to detect, posing a significant risk to organisations across various industries.

Its critical to invest in advanced email filtering and AI-driven threat detection tools that can identify AI-crafted phishing attempts. Regular employee training on identifying phishing emails and implementing stronger email verification processes can also help mitigate these risks.

Other Notable Trends and Attacks in 2024

Beyond these specific incidents, other notable trends have emerged in the cybersecurity space in 2024 including:

Ransomware Evolution: Ransomware attacks have continued to evolve, with cybercriminals now targeting not only organisations’ data but also their critical infrastructure. Businesses need to prioritise backups, encryption, and incident response plans to mitigate the risks posed by ransomware.

Cloud Security Concerns: As more businesses migrate to the cloud, the risks surrounding cloud security have grown. Misconfigured cloud settings, lack of proper access control, and insecure APIs are common vulnerabilities. SMEs must adopt best practices for cloud security, including strong authentication, encryption, and regular security audits.

Insider Threats: Insider threats remain a pressing concern, with both malicious and unintentional threats originating from within organisations. Implementing strict access controls, monitoring employee activity, and providing security awareness training can help reduce the likelihood of insider breaches.

Preparing for 2025

Cybersecurity is an ongoing journey, and the landscape is constantly evolving. SMEs must take a proactive approach to defending against these emerging threats. Here’s a summary of actionable steps:

• Stay up to date: Regularly patch and update all systems, software, and devices to ensure vulnerabilities are addressed.
• Enhance MFA: Strengthen multi-factor authentication with phishing-resistant methods and conditional access.
• Train employees: Regular cybersecurity awareness training can help employees recognise phishing attacks and safeguard against social engineering tactics.
• Monitor and audit: Implement continuous monitoring and perform regular security audits to identify vulnerabilities before they can be exploited.
• Back up and prepare: Ensure that critical data is backed up and that you have a comprehensive incident response plan in place to quickly recover from any attack.

As we look ahead to 2025, businesses must continue to adapt and remain vigilant. By addressing these key vulnerabilities and implementing best practices, organisations can protect themselves against the ever-growing and evolving cybersecurity threat landscape.

Need help securing your IT infrastructure? At razorblue, we specialise in providing tailored IT security solutions to protect businesses from the latest threats. Contact us today to find out how we can help you stay one step ahead.