Navigating Q3 2024’s Cyber Threats: Ransomware Shifts, Dark Web Resurgence and Surging VPN Exploits

In our Q3 2024 Threat Report webinar, Nuspire’s cybersecurity experts, Josh Smith and Justin Heard, shared highlights from this quarter’s Threat Report, covering ransomware trends, dark web activity, and increased exploit attempts. Here are the main takeaways and practical steps from the discussion, along with a link to the Q3 2024 Threat Report for deeper insights. 

Ransomware: Power Shifts Among Threat Actors 

Josh provided an analysis of ransomware trends, highlighting the notable rise in ransomware extortion activity this quarter. RansomHub has emerged as a dominant force, dethroning LockBit due to pressure from law enforcement. Meanwhile, Meow Ransomware made a strong debut, demonstrating increased activity and effectiveness. 

Josh explained that ransomware attacks now target the Professional and Technical Services sector more aggressively, overtaking manufacturing—a trend attributed to the sensitive data these firms handle.  

“These organizations are particularly valuable targets because of the volume of sensitive client data they hold,” he noted, adding that attackers often aim for firms with limited cybersecurity budgets and outdated technology. 

To combat these threats, Justin emphasized endpoint detection and response (EDR), robust backup strategies as core defenses, and consistent user awareness training to mitigate phishing risks.  

“The first thing we ask whenever we work with someone who’s been hit by ransomware is, ‘Do you have backups?’ It’s often the only way to recover,” he explained. 

Dark Web: Lumma Stealer’s Rebound 

In the dark web arena, Josh discussed the 5.41% drop in overall marketplace listings. Despite this, Lumma Stealer reclaimed its status as the top infostealer, demonstrating the ongoing value threat actors place on credential theft. This activity, often linked to phishing and infostealers, underscores the necessity of multi-factor authentication (MFA) and dark web monitoring to track and secure exposed credentials early. 

Justin added that user awareness and strict password policies are essential for defending against credential-based attacks.  

“The challenge with valid credentials is detecting when they’re being misused. Dark web monitoring gives us that alert to investigate user activity,” he noted.

Exploit Surge: VPN Vulnerabilities in the Spotlight 

Exploit activity surged by over 50%, with threat actors increasingly targeting VPN vulnerabilities. Notably, the FortiOS SSL-VPN exploit saw a staggering 4,000% increase in attempts, showcasing the critical need to prioritize MFA on all VPN connections and ensure prompt patching. 

Josh highlighted the significance: “VPNs are often the gateway to an organization’s network, so it’s essential to prioritize patching these devices as soon as vulnerabilities are disclosed.” Justin also recommended disabling unused services to minimize exposure, alongside regular vulnerability scanning, to maintain a proactive security posture. 

Final Takeaways and Resources 

As cyber threats grow in complexity, staying ahead requires a proactive, multi-layered approach to security. Josh and Justin wrapped up the session with actionable strategies every organization should consider, emphasizing that defending against threats isn’t just about having the right tools—it’s about building a security-conscious culture and staying agile in response to new attack trends.  

Here’s a summary of their top recommendations: 

• Stay Educated: Cybersecurity awareness training is vital. Equip employees to recognize phishing and credential-stealing tactics. 
• Layered Security is Essential: Adopting a multi-layered defense from EDR to dark web monitoring can help detect and stop threats early. 
• Prioritize Patch Management: With VPN exploits on the rise, timely patching and MFA can reduce the risk of unauthorized access. 

For a comprehensive dive into the quarter’s threats and mitigation tactics, download the full Q3 2024 Threat Report and view the webinar recording on our website. 

You can also view the full webinar here: Watch Now