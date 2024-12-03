As I look back at 2024, several key trends stand out. One surprising phenomenon was the continued high frequency and effectiveness of DNS attacks. Akamai researchers recently observed that DNS was a component in 60% of Layers 3 and 4 distributed denial-of-service (DDoS) attack events in an 18-month period. Yet, there are solutions that can eliminate many of those attacks. Many of these attacks are reflector-based, with threat actors taking advantage of improperly configured servers. Simple DNS changes can prevent this and ensure that organizations don't inadvertently become part of the problem.

We saw a resurgence of the Mirai botnet, which has been responsible for some of the world's largest and most complicated attacks. It's one of the most interesting attack tools; it’s highly intelligent in how it takes over endpoints and locks out other actors. Mirai was quite prominent five years ago, then it disappeared — but now it's back with a vengeance.

This development underscores the need for organizations to focus not just on the size of attacks but also on their level of sophistication. Attack campaigns are becoming much more complex. Many security vendors are building in more intelligent automation to speed up response times, which is an appropriate move given the landscape.

Additionally, I firmly believe that access to security experts remains crucial. Sooner or later, every medium or large enterprise will face a cyber event and resolving it will require human expertise.

On the applications side, bot credential abuse continued to emerge as a major threat. These attacks, many committed by nation-state actors, are extremely challenging to mitigate. Determining whether an attacker is a bot or a human, or distinguishing between "good" and "bad" bots (Figure 1), requires experienced human experts to understand the unique customer environment and implement the appropriate protection measures.