2024 Threat Landscape: Key Trends We're Seeing
Every day, our hunt teams monitor millions of events across diverse environments. This vantage point gives us unique insight into how the threat landscape is evolving. Here are the most significant trends we've observed in 2024.
1. Living Off the Land Escalates
Attackers continue to favor legitimate system tools over custom malware. We've seen dramatic increases in the abuse of PowerShell, WMI, and native remote management tools. These techniques blend in with normal administrative activity, making detection challenging for rule-based systems.
Our response: MILBERT builds behavioral baselines for legitimate tool usage and flags deviations—like PowerShell being used by accounts that never run it, or at unusual times.
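To make the baselining idea concrete, here is an added example that is not part of the original post and is not MILBERT's code: it builds a per-account profile of normal PowerShell process-creation activity (usual hours and usual hosts) from a constructed training window, then flags new events whose account has no PowerShell history, or whose hour or host falls outside that account's profile. The log format, account names and hostnames are all constructed for illustration; the host dimension goes slightly beyond the account-and-time example in the text.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample telemetry (not real data): one process-creation record
# for powershell.exe per line, formatted as "<ISO timestamp>,<account>,<host>".
# BASELINE_LOG is the training window; NEW_LOG is the window being hunted.
BASELINE_LOG = """\
2024-03-04T09:12:00,svc_patch,WS-0101
2024-03-04T09:40:00,svc_patch,WS-0102
2024-03-05T10:05:00,svc_patch,WS-0101
2024-03-05T14:30:00,admin.jlee,SRV-FILE01
2024-03-06T09:02:00,svc_patch,WS-0103
2024-03-06T15:45:00,admin.jlee,SRV-FILE01
2024-03-07T10:20:00,svc_patch,WS-0101
2024-03-07T16:10:00,admin.jlee,SRV-DC01
"""

NEW_LOG = """\
2024-03-11T09:15:00,svc_patch,WS-0101
2024-03-11T03:22:00,admin.jlee,SRV-FILE01
2024-03-11T11:05:00,m.ortiz,WS-0250
2024-03-11T15:00:00,admin.jlee,SRV-DC01
"""


def parse_events(text):
    """Parse 'timestamp,account,host' lines into event dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, account, host = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "account": account, "host": host})
    return events


def build_baseline(events):
    """Per-account profile of when (hour of day) and where (host) PowerShell normally runs."""
    baseline = defaultdict(lambda: {"hours": set(), "hosts": set(), "count": 0})
    for ev in events:
        prof = baseline[ev["account"]]
        prof["hours"].add(ev["ts"].hour)
        prof["hosts"].add(ev["host"])
        prof["count"] += 1
    return dict(baseline)


def _hour_distance(a, b):
    """Circular distance between two hours of day, so 23:00 and 00:00 are one hour apart."""
    d = abs(a - b)
    return min(d, 24 - d)


def score_event(ev, baseline, hour_slack=1):
    """Return the list of deviations from the baseline; an empty list means the event looks normal."""
    prof = baseline.get(ev["account"])
    if prof is None:
        return ["account has no PowerShell history in the baseline window"]
    reasons = []
    hour = ev["ts"].hour
    if not any(_hour_distance(hour, h) <= hour_slack for h in prof["hours"]):
        reasons.append(f"hour {hour:02d} outside usual hours {sorted(prof['hours'])}")
    if ev["host"] not in prof["hosts"]:
        reasons.append(f"host {ev['host']} not in usual hosts {sorted(prof['hosts'])}")
    return reasons


def hunt(baseline_text, new_text, hour_slack=1):
    """Build the baseline from one window and return the (event, reasons) pairs flagged in another."""
    baseline = build_baseline(parse_events(baseline_text))
    flagged = []
    for ev in parse_events(new_text):
        reasons = score_event(ev, baseline, hour_slack)
        if reasons:
            flagged.append((ev, reasons))
    return flagged


if __name__ == "__main__":
    for ev, reasons in hunt(BASELINE_LOG, NEW_LOG):
        print(ev["ts"].isoformat(), ev["account"], ev["host"], "->", "; ".join(reasons))
```

Run against the constructed windows, the hunt flags two of the four new events: admin.jlee running PowerShell at 03:22 when that account's history is mid-afternoon only, and m.ortiz, an account with no PowerShell history at all. The design choice worth noting is that the profile is keyed on the account, not on the tool: a signature that matches "powershell.exe" fires on every administrator all day, whereas this approach stays quiet for svc_patch and admin.jlee during their usual pattern. The training window needs to be long enough to cover legitimate variation (month-end jobs, on-call shifts), and the baseline should be rebuilt on a schedule so it does not drift into treating an already-compromised account's activity as normal.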
2. Identity Is the New Perimeter
With cloud adoption and remote work, traditional network perimeters have dissolved. Attackers have followed, shifting focus to identity systems. We've observed increases in:
- Attacks against identity providers (Azure AD, Okta, etc.)
- OAuth application abuse and consent phishing
- Service account compromise
- Attacks targeting SSO infrastructure
3. Ransomware Operations Mature
Ransomware groups now operate like professional businesses. We've observed:
- Longer dwell times focused on reconnaissance and data staging
- More sophisticated negotiation and victim communication
- Supply chain targeting to maximize impact
- Increased focus on backup destruction before encryption
The good news: longer dwell times create more opportunities for detection. Our hunt teams have interrupted numerous ransomware operations during their reconnaissance phase.
4. AI-Enhanced Attack Tooling
Attackers are beginning to use AI to enhance their operations. We've observed AI-generated phishing content with fewer grammatical tells, automated reconnaissance tooling, and more adaptive attack patterns. However, the impact has been more incremental than revolutionary—so far.
5. Supply Chain Remains a Target
Compromising one vendor to access many victims remains attractive to sophisticated actors. We've tracked campaigns targeting:
- Managed service providers (MSPs)
- Software development pipelines
- Hardware and firmware supply chains
- SaaS platforms with broad customer bases
Looking Ahead
The threat landscape continues to evolve, but the fundamentals of defense remain constant: visibility into your environment, understanding of what normal looks like, and the capability to detect and respond when something isn't right. Our hunt teams remain vigilant, adapting our techniques as adversaries adapt theirs.