In today’s evolving threat landscape, cyber defenders are constantly adapting to new adversarial tactics and emerging vulnerabilities. The latest 2024 Threat Hunter Perspective from OpenText sheds light on the most pressing threats, nation-state activities, and security recommendations enterprises must consider in the months ahead. Here are the key findings and expert insights to help you stay ahead of the curve.

Nation-state collaboration with cybercrime rings

One of the standout trends identified in the report is the increasing collaboration between nation-state actors and cybercrime rings. Adversaries are more coordinated than ever, launching synchronized attacks aimed at maximizing disruption and confusion.

• Russia: Cyber operations are ongoing, with particular focus on Ukraine and NATO countries, often leveraging criminal groups like Killnet and Lokibot to amplify attacks.
• China: Expanding its focus to South China Sea neighbors, China often partners with threat actors such as Storm0558 to support its geopolitical aims.

This coordination between state-sponsored and criminal actors means that CISOs must prepare for multi-faceted attacks that exploit both sophisticated malware and opportunistic for-profit schemes.

Adversarial timing: attacks tied to key events

As seen throughout 2024, many attacks have been keyed to specific geopolitical and cultural events. Cyber actors increasingly leverage moments of national or organizational vulnerability, such as holidays, sporting events, and political elections.

​

For example, the report highlights retaliatory attacks following Western support for Ukraine, which often occur within 24–48 hours of public announcements of aid or military assistance. Such attacks aren’t limited to government targets—they frequently impact private sector organizations involved in critical supply chains, such as transportation and logistics.

The top threat actors in 2024

Our report identifies the top 15 threats and threat actors that enterprises need to be aware of. Nation-state actors and criminal gangs are both prominent in this list, indicating the breadth and diversity of the modern threat landscape.

Notable names include:

• Killnet (Russia Nation-State)
• Storm0558 (China Nation-State)
• Akira (Criminal Gang)
• Black Basta (Criminal Gang)

These groups employ a variety of tactics, from ransomware to DDoS attacks, and their collaboration across borders only increases their effectiveness.

Predictions for fall 2024: A time of escalation

As we look ahead to Fall 2024, the OpenText report predicts a surge in cyber activity surrounding the U.S. presidential election. Cybercriminals and nation-states alike are expected to exploit the distractions of a heated election season to sow misinformation, disrupt services, and further their geopolitical goals.

In addition, the escalation of the cyber arms race is another area of concern. Both state and non-state actors are continuously developing and hoarding zero-day vulnerabilities, which could be unleashed during times of conflict to target critical infrastructure or compromise supply chains.

AI: Promise and peril

While AI continues to be a buzzword in cybersecurity, the report emphasizes that expectations are now coming into alignment with reality. AI is a valuable tool for enhancing security operations, but it’s not a magic bullet. Adversaries are leveraging AI as well, using it to evade detection and mimic legitimate traffic. The future of AI in cybersecurity will require a balanced approach, augmenting human expertise with machine learning insights.

Security recommendations for CISOs

The report closes with practical advice for enterprise CISOs, emphasizing the importance of foundational security practices:

• Eat your security vegetables: Basic measures like MFA, endpoint protection, and patch management remain crucial in defending against the majority of cyberattacks.
• Understand your supply chains: Supply chain risks continue to be a significant concern, and it’s essential to assess and monitor third-party partners for vulnerabilities.
• Be aware of timing: Many attacks are timed for moments of maximum disruption—whether during major business transactions, holidays, or public health crises.