Interactive Report Summary

Q1 2024 Cyber Threat Report

As we progress through the first quarter of 2024, the cyber threat landscape continues to evolve with increasing complexity. This period has seen a substantial surge in ransomware incidents, dark web commerce and exploit activities, reflecting a dynamic and challenging environment for cybersecurity professionals.  

Top Findings at a Glance

Ransomware

Q1 saw a 3.69% increase in ransomware publications

LockBit overcame law enforcement efforts, increasing activity by 1.74%

Dark Web

Dark web listings increased by 58.16%

Lumma Stealer more than doubled its activity in Q1

Exploits

Exploits spiked by 52.61%

20x increase in exploits against Hikvision camera command injection vulnerability

Ransomware Spotlight: LockBit

LockBit has been a consequential player in the ransomware realm, particularly affecting the manufacturing industry. The Q1 2024 Threat Landscape Report reveals that the ransomware group's operations saw a 1.74% increase in extortion publications from the previous quarter, with a notable focus on the manufacturing sector due to its critical role in supply chains and potential for considerable operational disruptions.  

The manufacturing industry's complex IT and operational technology (OT) systems present unique security challenges, often making them prime targets for ransomware attacks. Historical underinvestment in cybersecurity within some industry sectors, combined with possessing valuable intellectual property, makes manufacturers particularly vulnerable. To combat these threats, it is crucial for organizations to implement robust cybersecurity measures, including regular system updates, comprehensive employee training, and advanced threat detection and response solutions. 

Methodology

How Nuspire produces its threat intelligence 

GATHER

Collects threat intelligence and data from global sources, client devices and reputable third parties.

PROCESS

Data is analyzed by a combination of machine learning, algorithm scoring and anomaly detection.

DETECT

Log data is ingested into Nuspire’s cloud-based SIEM, which alerts the security operations center (SOC). The SOC then notifies the client and works with them to remediate the threat.

EVALUATE

Analysts further scrutinize the research, scoring and tracking of existing and new threats.

DISSEMINATE

Analysts leverage the insights to constantly improve the SOC, alerting, and the community through the creation of detection rules, briefs, and presentations.

JANUARY THROUGH MARCH 

Q1 2024 in Review

Q1 2024 saw significant events such as Google OAuth account hijackings, the release of a BlackBasta ransomware decryptor, critical tech company vulnerabilities and patches, a major crackdown on LockBit ransomware, and numerous cybersecurity agency alerts on exploited vulnerabilities and threats. 

January

1.3: Infostealers Abuse Google OAuth Endpoint to ‘Revive’ Cookies, Hijack Accounts
1.4: Researchers Release Decryptor for BlackBasta Ransomware
1.10: Microsoft’s January Patch Tuesday Addresses 49 Vulnerabilities, Including Two Critical
1.17: Over 178K SonicWall Firewalls Vulnerable to DoS, Potential RCE Attacks
1.18: FBI and CISA Warn of Androxgh0st Malware Attacks
1.23: CISA Emergency Directive Demands Action on Ivanti Zero-Day Vulnerabilities
1.24: Critical VMware vCenter Vulnerability Exploited in the Wild
1.31: New Ivanti Connect Secure Zero-Day Exploited by Threat Actors

February

2.6: Ivanti Connect Secure Zero-Day Now Under Mass Exploitation
2.7: Critical Cisco Vulnerability Allows CSRF Attacks on Express Series Gateways
2.9: New Fortinet RCE Vulnerability Announced for SSL-VPN
2.9: Critical Format String Bug Announced by Fortinet Affecting FGFM Daemon
2.14: Microsoft’s February Patch Tuesday Addresses 2 Zero-Days, 73 Vulnerabilities
2.15: Zoom Announces Critical Vulnerability for Desktop Application
2.19: SolarWinds Fixes RCE Vulnerabilities in SolarWinds ARM Products
2.20: Law Enforcement Seize LockBit Servers and Arrest Operators in Global Operation
2.20: ConnectWise Announces Critical Vulnerabilities Affecting ScreenConnect
2.23: UnitedHealth’s Optum Attacked, Causing U.S. Healthcare Billing Outages

March

3.5: Critical Vulnerability Announced in JetBrains’ TeamCity with Exploit Available
3.13: Microsoft’s March Patch Tuesday: Two Critical Security Updates Released
2.21: CISA, NSA, FBI and Five Eyes Issue New Alert on Chinese APT Volt Typhoon
3.27: CISA Warns of Active Exploitation of Flaws in Fortinet, Ivanti & Nice Linear

Let's Dive Into the Data

Q1 2024 saw a notable escalation in ransomware, dark web activities and exploitation events, reflecting a complex and evolving threat landscape. 

[Counters: Total Events, Publications Averaged Per Week, Increase in Publications]

Ransomware

In Q1, ransomware activities surged, with a 3.69% increase in ransomware publications from Q4 2023. LockBit Ransomware remained prevalent despite law enforcement efforts, clocking an increase of 1.74%, demonstrating these threats’ persistent and adaptive nature.

[Counters: Total Marketplace Listings, Credit Cards For Sale, Increase in Total Listings]

Dark Web

Dark web marketplace listings saw a dramatic 58.16% increase, with significant trades in stolen data such as credit cards and email accounts. This rise indicates a bustling underground economy that poses a continuous threat to data security.

[Counters: Total Events, Unique Exploits Detected, Increase in Total Activity]

Exploits

Exploitation events witnessed a sharp rise of 52.61% in Q1, with notable activity targeting vulnerabilities in systems like Hikvision cameras. This increase underscores the critical need for timely patching and system updates to prevent exploitation.

Stay Vigilant

Q1 2024 threat data indicates increased ransomware, dark web transactions and exploitation events, necessitating vigilant and comprehensive defense strategies. To safeguard against these evolving cyber threats, organizations should implement a cohesive strategy encompassing robust endpoint security, incident response planning, strict data protection, advanced monitoring, meticulous patch management and proactive vulnerability assessments. These combined measures create a solid framework to counter the dynamic and increasingly complex cyber threat environment. 