UK institutions' cyber resilience flagged in new National Security report
The National Cyber Security Centre has expressed concern at the lack of cyber resilience of UK institutions such as the BBC, NHS, Royal Mail, and British Library, according to findings from its year-end report for the previous year.
The report from the government cybersecurity organisation emphasises an insufficient level of investment in preventing large-scale cyber attacks. The UK is the third most targeted country in the world for cyberattacks, yet organisations within the country can take up to 181 days to identify a breach and another 75 days to contain it, leaving them vulnerable for prolonged periods.
Over half of malware incidents present immediate, significant risks: pre-ransomware alone accounted for over 50% of the malware incidents that Expel investigated, according to the Expel Annual Threat Report. The report also highlights a 72% increase in cloud infrastructure incidents. Two out of every five incidents stemmed from exposed credentials, which enabled attackers to maintain access to the environment.
Further, as more businesses adopt cloud-based solutions, attackers exploit cloud misconfigurations to gain access to environments. According to the report, common misconfigurations, such as one in Amazon Cognito, allow attackers to create new accounts with excessive permissions and gain direct access. Attackers are also now using script-based files for pre-ransomware initial access, including JavaScript (39%), EXE (20%), and LNK (12%), among others.
Launched by Expel, a leading managed detection and response (MDR) provider, the Expel Annual Threat Report 2024 analyses patterns and trends investigated by the firm's security operations center (SOC) and threat intelligence team throughout the preceding year. It provides actionable, strategic guidelines for operators and organisations across varied industries.
Identity threats have dominated for three consecutive years, accounting for 64% of all incidents investigated by the SOC, a volume increase of 144% from 2022 to 2023. "Sixty-nine percent of identity-based incidents involved malicious logins from suspicious infrastructure, which are hosting providers or proxies that aren't expected for a user or organisation—a trend we've noted in past years and one we expect to continue," said Daniel Clayton, VP, Security Operations at Expel. He further emphasised the vital role of collaboration and information sharing in improving security operations.
Notably, 2023 saw the rise of QR code phishing: because QR codes move activity from the user's workstation to a mobile device, the technique is appealing to attackers. The investigation also noted that 96% of cloud infrastructure incidents occurred in Amazon Web Services (AWS).
Dave Merkel, co-founder and CEO at Expel, said, "Expel's operators face off against some of the most sophisticated cyber threats across industries, granting them front-line visibility into how these attacks and attackers constantly shift and evolve." He also emphasised the organisation's responsibility to share these front-line insights with the wider security community in the collective fight against cyber threats.