Unpacking the Q2 2024 Threat Report: Ransomware, Dark Web and Exploits

In our latest webinar, Nuspire’s cybersecurity specialists Josh Smith and Justin Heard shared detailed insights from the Q2 2024 Cyber Threat Report. This session explored current cybersecurity trends, notable threats, and effective mitigation strategies crucial for organizations aiming to protect themselves from the shifting cyber threat landscape. 

Ransomware: Trends and Defensive Measures 

The webinar began with an analysis of ransomware activities, revealing a decline in ransomware extortion incidents. Over 1,400 were recorded in Q2, about 10% less than in Q1.  

Josh explained, “These ransomware operations involve attackers extracting data and publishing extortion demands on their sites. Despite a decline, groups like LockBit, Play and BlackBasta continue to be significant threats.” 

LockBit remained active despite increased law enforcement actions. Josh noted that LockBit’s activity surged following law enforcement intervention, possibly due to a last-ditch effort to ransom any organizations LockBit still had access to. Play Ransomware also saw a rise in its activities, using double extortion tactics to maximize its impact. 

Justin emphasized the critical role of endpoint detection and response (EDR) systems and routine data backups in recovering from ransomware incidents without paying ransoms. He also stressed the importance of cybersecurity awareness training to help employees identify and avoid phishing emails, which are common vectors for ransomware attacks. 

The Dark Web: Activity and Countermeasures 

Nuspire’s research revealed a 12% reduction in marketplace listings in Q2. Despite this, the sale of account access credentials, shell accesses and social security numbers increased. 

Lumma Stealer, previously the most active information stealer, saw a reduction in its listings. Rise Pro took the lead, targeting Windows systems through phishing campaigns and pirated software. Justin highlighted the necessity of multi-factor authentication (MFA) and regular dark web monitoring to stay alert to potential breaches and exposed credentials. 

Rising Exploits and How to Defend Against Them 

In Q2, exploits saw a 21% increase in activities compared to Q1, totaling nearly 15 million events. Josh pointed out the continuous risk from unpatched vulnerabilities, like the Hikvision Product SDK vulnerability (CVE-2021-36260), which experienced a significant rise in exploit attempts. 

Josh also emphasized the importance of Microsoft’s Patch Tuesdays, urging timely updates to prevent exploit attempts. He highlighted that even older vulnerabilities, such as those from 2017 and 2018 affecting Microsoft Office products, remain actively targeted. 

Justin recommended stringent patch management practices and frequent vulnerability scans to quickly identify and address security gaps. Additionally, network segmentation to isolate IoT devices was suggested to mitigate the spread of potential attacks. 

Final Takeaways and Resources 

A thorough review of the discussed threats underscored the importance of a layered security strategy. This includes technological solutions, administrative controls and continuous employee training to develop a strong cybersecurity posture. 

For those looking for a deeper dive into the topics discussed, the complete Q2 2024 Threat Report is available for download on Nuspire’s website. It offers detailed information and data-driven insights to assist organizations in safeguarding against the dynamic cyber threat landscape. 

You can also view the full webinar here.