Red Canary’s Midyear Threat Report Highlights Infostealer Surge Targeting macOS Devices

Red Canary has released a midyear update to its 2024 Threat Detection Report, revealing key cybersecurity trends and evolving threats. Among the most notable findings is the rise of Atomic Stealer, an infostealer targeting macOS devices, which entered the top ten most common threats, ranking at number nine.

The report also highlights changes in the top MITRE ATT&CK® techniques, with identity and cloud-native attacks dominating the list. New techniques include Email Hiding Rule, where adversaries exploit compromised accounts by altering email settings to conceal their activities.
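Email Hiding Rule abuse is usually visible in mailbox audit data as newly created inbox rules that route security or finance mail into folders the user rarely opens, mark it read, or forward it outside the organization. The following Python is an added illustration of a heuristic audit over such rule records; it is not code from Red Canary or the report. The rule records, the field names (`keywords`, `move_to`, `forward_to`) and the keyword and folder lists are constructed assumptions rather than any mail platform's real schema.

```python
"""Heuristic audit of inbox rules for email-hiding behaviour (added example)."""
from dataclasses import dataclass, field
from typing import Optional

# Folders a victim seldom looks at; rules that move mail here hide it in practice.
HIDING_FOLDERS = {"deleted items", "rss feeds", "rss subscriptions",
                  "junk email", "archive", "conversation history"}

# Substrings in rule conditions that suggest the rule targets security or finance mail.
SENSITIVE_KEYWORDS = {"password", "invoice", "payment", "wire", "mfa",
                      "security", "suspicious", "sign-in", "verification"}


@dataclass
class InboxRule:
    """One mailbox rule as exported from an audit log (constructed shape)."""
    user: str
    name: str
    keywords: list = field(default_factory=list)   # "subject contains" conditions
    move_to: Optional[str] = None                   # destination folder, if any
    delete: bool = False
    mark_read: bool = False
    forward_to: Optional[str] = None                # forwarding target, if any


def score_rule(rule: InboxRule, internal_domain: str) -> list:
    """Return human-readable findings for one rule; empty list means benign."""
    dest = (rule.move_to or "").lower()
    hides = rule.delete or dest in HIDING_FOLDERS
    kw_hits = sorted(k for k in rule.keywords
                     if any(s in k.lower() for s in SENSITIVE_KEYWORDS))
    findings = []
    if hides and kw_hits:
        findings.append(f"hides mail matching {kw_hits}")
    if hides and rule.mark_read:
        findings.append("marks messages read before hiding them")
    if rule.forward_to and not rule.forward_to.lower().endswith("@" + internal_domain):
        findings.append(f"forwards to external address {rule.forward_to}")
    if rule.name.strip(". ") == "":
        # Blank or punctuation-only names are easy to overlook in a rule list.
        findings.append("rule name is blank or punctuation only")
    return findings


def audit(rules, internal_domain="example.com"):
    """Map each user with at least one finding to that user's findings."""
    return {r.user: f for r in rules if (f := score_rule(r, internal_domain))}


# Constructed sample rules: one benign, three with hiding or forwarding traits.
SAMPLE_RULES = [
    InboxRule("alice@example.com", "Newsletters", ["newsletter"], move_to="Newsletters"),
    InboxRule("bob@example.com", "..", ["invoice", "payment"],
              move_to="RSS Feeds", mark_read=True),
    InboxRule("carol@example.com", "Forward", [],
              forward_to="mailbox@constructed.invalid"),
    InboxRule("dave@example.com", "Cleanup", ["security alert"], delete=True),
]

if __name__ == "__main__":
    for user, findings in audit(SAMPLE_RULES).items():
        print(user, "->", "; ".join(findings))
```

In a real deployment the rule records would come from the mail platform's audit export, and a finding should be correlated with the sign-in that created the rule (new device, new location, or shortly after an MFA prompt), since a rule created from an unfamiliar session is the strongest indicator that the account was compromised.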

The report identified three significant changes in the top ten threats over the past six months: Atomic Stealer, targeting macOS credentials, payment data, and cryptocurrency wallets, made its debut at number nine; Scarlet Goldfinch, which uses fake browser updates to install malicious remote management software, entered the list at number seven; and ChromeLoader, a browser extension that hijacks web traffic to redirect to other sites, climbed to the first spot.

Identity Compromise: A Growing Vulnerability

The report stresses that compromised user identities remain a significant security challenge. It highlights several emerging threats related to user identities that security professionals should take note of, including Adversary in the Middle (AitM) attacks. In these attacks, perpetrators create fake login pages to capture user credentials and MFA codes in real time. Another threat is token theft, which involves stealing session tokens after compromising a cloud service or account, particularly in AWS environments.

Additionally, the report highlights the technique of permission sprawl, which occurs when excessive user privileges are granted across systems. Lastly, there is the threat of application consent phishing, where attackers register malicious applications to deceive users into granting unauthorized access to systems and data through cloud services.
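Permission sprawl is measurable: compare what each identity is granted with what it has actually used over an observation window, and the difference is the privilege an attacker would inherit for free after a token theft or consent-phishing compromise. The following Python is an added example of that comparison, not code from Red Canary or the report. The grant sets, the wildcard syntax (`service:*`) and the usage log lines are constructed to resemble cloud IAM data but are not any provider's real format.

```python
"""Least-privilege gap analysis for cloud identities (added example)."""
from collections import defaultdict
from fnmatch import fnmatchcase

# Constructed grants: principal -> set of permitted actions, wildcards allowed.
GRANTS = {
    "deploy-role": {"s3:GetObject", "s3:PutObject", "s3:*", "iam:PassRole"},
    "analyst":     {"s3:GetObject", "logs:FilterLogEvents"},
    "legacy-svc":  {"*"},
}

# Constructed usage log: one "principal,action" record per line.
USAGE_LOG = [
    "deploy-role,s3:PutObject",
    "deploy-role,s3:GetObject",
    "analyst,s3:GetObject",
    "analyst,logs:FilterLogEvents",
    "legacy-svc,sqs:ReceiveMessage",
]


def parse_usage(lines):
    """Collect the concrete actions each principal actually exercised."""
    used = defaultdict(set)
    for line in lines:
        principal, action = line.strip().split(",", 1)
        used[principal].add(action)
    return used


def audit_principal(grants, used):
    """Compare granted permissions with observed use for one principal."""
    # A grant is unused if no observed action falls under it (wildcards expand).
    unused = {g for g in grants if not any(fnmatchcase(a, g) for a in used)}
    wildcards = {g for g in grants if "*" in g}
    return {
        "unused": sorted(unused),
        "wildcards": sorted(wildcards),
        # The observed actions are the candidate least-privilege policy.
        "least_privilege": sorted(used),
        "sprawl_ratio": len(unused) / len(grants) if grants else 0.0,
    }


def audit_all(grants, usage_lines):
    used = parse_usage(usage_lines)
    return {p: audit_principal(g, used.get(p, set())) for p, g in grants.items()}


def flagged(report, threshold=0.25):
    """Principals holding wildcards or with at least `threshold` unused grants."""
    return sorted(p for p, r in report.items()
                  if r["wildcards"] or r["sprawl_ratio"] >= threshold)


if __name__ == "__main__":
    result = audit_all(GRANTS, USAGE_LOG)
    for principal in flagged(result):
        r = result[principal]
        print(f"{principal}: unused={r['unused']} wildcards={r['wildcards']} "
              f"suggested={r['least_privilege']}")
```

A wildcard such as `*` never shows up as "unused" because it covers every observed action, which is exactly why the check reports wildcards separately: the suggested policy for `legacy-svc` collapses from everything to the single action it was seen performing.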

Red Canary urges organizations to bolster defenses by implementing phishing-resistant MFA, passwordless authentication, and tighter control over user permissions.

Red Canary’s Chief Security Officer, Keith McCammon, notes that while technology solutions exist, operational complexity and costs often present challenges. “This is why it’s essential to seek out not only technical solutions, but to build teams and seek out partners who can maximize their effectiveness, and deliver around-the-clock operational capabilities,” McCammon said.

The full midyear Threat Detection Report provides detailed analysis of confirmed threats observed across Red Canary’s customer environments, offering insights based on both detection coverage and expert-led threat investigation.

Download the Red Canary 2024 Threat Detection Report here.

The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.