Group Purchasing
Group Purchasing

SANS 2024 Top Attacks and Threats Report

SANS 2024 Top Attacks and Threats Report (PDF, 3.26MB)Published: 01 Aug, 2024
Created by:
Domenica (Lee) Crognale
Domenica (Lee) Crognale

The SANS 2024 Top Attacks and Threats Report, published by SANS Institute in July 2024, breaks down the most dangerous emerging attack techniques discussed at the annual SANS keynote at RSA Conference, marking the 15th consecutive year SANS has delivered this briefing. The report combines analysis from the RSAC 2024 keynote panel with breach data from the Identity Theft Resource Center (ITRC), Verizon's 2024 Data Breach Investigations Report, and BlackBerry's Global Threat Intelligence Report to assess how AI is reshaping the attack and defense landscape.

Key findings:

  • A record high of 3,205 publicly reported compromises occurred in 2023, affecting more than 300 million individuals
  • The number of reported compromises increased more than 70% from the previous year, even as the total victim count declined
  • Supply chain attacks exceeded 2,700 incidents in 2023, a 2,600% increase since 2018
  • Verizon's 2024 DBIR identifies exploitation of vulnerabilities as the leading cause of supply chain attacks
  • Just slightly more than 50% of identified vulnerabilities were remediated within 60 days of disclosure
  • 85% of vulnerabilities remained unremediated at the 30-day mark, dropping to 20% still unremediated by 180 days
  • BlackBerry recorded a 70% year-over-year increase in unique malware files discovered, equal to 5.2 novel malware samples per second
  • Finance and healthcare were the industries most heavily targeted in BlackBerry's analyzed attack samples
  • Bots are more than 15% more likely than humans to correctly solve CAPTCHAs, and can do so faster
  • RSAC 2024's keynote panel named AI-powered child sextortion, generative AI election manipulation, AI-accelerated exploitation lifecycles, technical debt exploitation, and deepfake-driven identity verification failures as the five most dangerous new attack techniques

The report frames 2024 as a turning point where AI shifted from a defensive talking point to the primary accelerant on both sides of the attacker-defender divide: adversaries are using large language models to compress the vulnerability-to-exploit timeline faster than most patch cycles can respond, while defenders remain constrained by legacy technical debt, alert fatigue, and identity verification systems that were not built to withstand machine-speed deception. The consistent thread across every session, from SOC automation to zero trust identity, was that organizations still lack the tooling and AI-specific skill sets needed to keep pace with adversarial AI's current advantage. Findings were drawn from RSA Conference 2024 panel discussions moderated by SANS Technology Institute leadership, alongside third-party breach and threat intelligence data from the Identity Theft Resource Center, Verizon's 2024 Data Breach Investigations Report, and BlackBerry's year-end Global Threat Intelligence Report.

FAQ

Meet the expert

Domenica Crognale
Domenica Crognale

Domenica (Lee) Crognale

Senior Instructor

Domenica brings 20 years of mobile forensics experience supporting U.S. federal law enforcement and intelligence agencies while leading global training programs for elite investigative units including FBI and military special operations forces.

Read more about Domenica (Lee) Crognale