r-tec Situation Report 2024: Understanding Cyber Attacks, Reducing Risks

From ransomware to phishing, cyber threats continue to grow. The Situation Report 2024 by CyberCompare partner r-tec shows where companies are particularly vulnerable – and what they can do about it.

One of the biggest challenges when it comes to cyber security is staying up to date. Technologies are evolving, regulatory requirements are increasing, and attackers are adapting their methods faster than many organizations are adapting their security measures. In order to effectively prepare for cyberattacks, up-to-date know-how and practical findings are more important than ever. The Situation Report 2024 of r-tec’s Cyber Defense Center provides exactly this knowledge. Instead of abstract statistics, the report is based on real incidents that the cyber security service provider investigated and processed over the past year.

The report highlights specific weaknesses found in the security concepts of many companies: for example, weak password rules, lack of network segmentation, poor logging and unprotected appliances in the network. VPN gateways and firewalls are particularly problematic when known vulnerabilities have not been closed in a timely manner. Attackers exploit such gaps in a targeted manner, often automatically and increasingly supported by AI technologies. In several cases, r-tec was able to show how a single unsecured interface opened the way to the entire network.

Backups are no longer enough: Ransomware relies on double extortion

Ransomware continues to be a widespread and serious threat. Here, however, cybercriminals have adapted their strategy: Groups such as Akira or LockBit are now organized in such a way that they seem more like service providers than classic cybercriminals. At the same time, extortion methods have become more complex: In addition to classic data encryption, sensitive information is exfiltrated, combined with the threat of publishing it.

This increases the pressure on the affected companies enormously, not least because it is accompanied by regulatory risks such as data protection violations and reputational damage. In such cases, backups alone are no longer sufficient to defuse the extortion. Without structured access controls, comprehensive visibility through central log data and a clear incident response strategy, many companies remain vulnerable.

Phishing as a Service makes constant monitoring a minimum measure

There is also a significant development in the area of phishing. Criminals today use so-called phishing-as-a-service platforms, which can be used to easily implement even complex attacks. Some of these tools even bypass two-factor authentication and access session tokens directly. r-tec documents several cases in which exactly this has been achieved – despite existing protective measures.

The decisive factor here is the ability to recognize suspicious login patterns at an early stage. Without continuous monitoring, many of these activities remain undetected at first. This makes it difficult to react quickly and increases the risk of attackers becoming entrenched in the system in the long term.

Network appliances are increasingly becoming a target for attacks

What the r-tec Situation Report 2024 also makes clear: Network appliances (such as VPN gateways, load balancers or proxy servers) and their protection are increasingly becoming the focus of cybercriminals, who specifically target products from vendors such as Fortinet, Citrix or Ivanti. By exploiting vulnerabilities – sometimes for months – hackers are able to compromise access and deactivate or manipulate security mechanisms.

Incident responders in particular often face major challenges when central log management fails or simply does not exist. Without clean logs, neither causes nor effects can be reliably traced. This makes both the investigation and the restoration more difficult.

From practice for practice: Optimizing with the help of real incidents

But as tense as the threat situation seems, pessimism and panic are the wrong reaction. While cyberattacks cannot be completely prevented, there is a way to prepare adequately for more or less every risk. The r-tec Situation Report 2024 offers a valuable opportunity to learn from concrete examples and shows important steps and measures to rethink internal security strategies, optimize them technologically and align them with current threats. If you are looking for well-founded insights that go far beyond general warnings, you will find them in the report.

r-tec is an experienced provider of cyber defense solutions with over 25 years of experience. With a team of over 90 specialists, the company operates its own Cyber Defense Center, which analyzes security incidents around the clock, defends against attacks and supports customers in strengthening their resilience. The expertise is based on hundreds of real incidents per year – tangible practical experience that is also reflected in the new report.

The r-tec Situation Report 2024 is available for download free of charge here.
