Exploiting known vulnerabilities remains a leading tactic for initial system intrusions
Financially motivated cyber-attacks are now more prevalent than espionage-driven operations.
According to research from Mandiant, only eight percent of malware infections were linked to espionage in 2024, a drop from ten percent in 2023.
This shift reflects the rise of profit-driven attacks, particularly those involving stolen credentials and unsecured data. Mandiant attributed the change to a surge in cyber-criminals seeking fast financial gains through ransomware and infostealer malware.
The M-Trends report also found that exploiting known vulnerabilities remains a leading tactic for initial system intrusions, accounting for 33 percent of cases in 2024. Although this is a slight drop from 38 percent in 2023, it remains consistent with 2022 levels.
One major vulnerability - CVE-2024-3400 - was heavily exploited shortly after its public disclosure in April 2024, with over a dozen groups launching attacks. “Within two weeks of its disclosure on April 12, 2024, and the publishing of proof-of-concept (PoC) code on April 13, 2024, Mandiant observed more than a dozen separately tracked groups exploiting this vulnerability,” Mandiant said.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
