Interactive Report Summary

Q2 2024 Cyber Threat Report

The second quarter of 2024 was marked by significant law enforcement actions against ransomware groups, such as the disruption of LockBit, along with evolving infostealer activity and a surge in exploit attempts. These developments underscore the dynamic and constantly shifting nature of cyber threats, demanding heightened vigilance and adaptive security measures from organizations worldwide.

Top Findings at a Glance

Ransomware

Q2 saw a 10.43% decrease in ransomware publications

LockBit activity declined due to law enforcement pressure, while Play Ransomware activity increased

Dark Web

Dark web listings decreased by 12.93%

Marked increase in SSN and account access listings

Exploits

Exploits spiked by 21.07%

Considerable activity targeting Web Server Password File Access and Log4j vulnerabilities

Industry Spotlight: Manufacturing

The manufacturing industry remains a prime target for cybercriminals, particularly when it comes to ransomware attacks. According to Nuspire’s threat research, manufacturing has been the No. 1 targeted industry for ransomware for the past 6 months. The integration of IT and OT systems in manufacturing environments creates a continually growing attack surface. This factor, coupled with the use of legacy systems, insecure protocols and the industry’s critical role in supply chains, makes these environments particularly vulnerable, and thus attractive to threat actors.  

Methodology

How Nuspire produces its threat intelligence 

GATHER

Collects threat intelligence and data from global sources, client devices and reputable third parties.

PROCESS

Data is analyzed by a combination of machine learning, algorithm scoring and anomaly detection.

DETECT

Nuspire’s cloud-based SIEM ingests log data and alerts the security operations center (SOC). The SOC then notifies the client and works with them to remediate the threat.

EVALUATE

Analysts further scrutinize the research, scoring and tracking of existing and new threats.

DISSEMINATE

Analysts leverage the insights to constantly improve the SOC, alerting, and the community through the creation of detection rules, briefs, and presentations.

April Through June

Q2 2024 in Review

Q2 2024 was marked by notable developments in the cybersecurity landscape, reflecting an ongoing battle between cybercriminals and defenders. This quarter saw a series of critical vulnerability patches from major tech companies, including Ivanti, Microsoft and Palo Alto, addressing issues that allowed remote code execution and denial-of-service attacks. State-sponsored threat actors exploited zero-day vulnerabilities in Cisco systems to breach government networks, while Okta reported an unprecedented surge in credential-stuffing attacks. Law enforcement actions against ransomware groups, particularly LockBit, led to a notable decline in activity.  

 

April

4.4: Ivanti Patches VPN Gateway Vulnerabilities, Allowing RCE, DoS Attacks
4.10: Microsoft’s April Patch Tuesday Addresses 150 Vulnerabilities and Two Zero-Days
4.12: Critical Command Injection Vulnerability in PAN-OS GlobalProtect Announced by Palo Alto
4.18: PuTTY SSH Client Vulnerability Allows Private Key Recovery
4.25: State-Sponsored Threat Actors Exploit 2 Cisco Zero-Day Vulnerabilities to Breach Government Networks
4.30: Okta Warns of Unprecedented Surge in Credential Stuffing Attacks

May

5.9: LockBit Administrator and Lead Developer Identified, Sanctioned in U.S., U.K. and Australia
5.10: Two New BIG-IP Next Central Manager Flaws Allow Device Takeover
5.15: Microsoft’s May 2024 Patch Tuesday Addresses 3 Zero-Days, 61 Vulnerabilities
5.20: QNAP QTS Zero-Days Publicly Exposed
5.29: Check Point Releases Emergency Patch for Exploited VPN Zero-Day

June

6.6: Zyxel Releases Emergency Security Update for End-of-Life NAS Devices
6.7: CISA Warns of Actively Exploited Kernel Privilege Escalation Vulnerability
6.13: Microsoft’s June 2024 Patch Tuesday Addresses 1 Zero-Day, 51 Vulnerabilities
6.20: VMware Fixes Critical vCenter RCE Vulnerability
6.26: Newly Announced Critical Vulnerability Affecting MOVEit Transfer Under Attack
6.27: Chinese and North Korean Threat Actors Target Global Infrastructure with Ransomware

Let's Dive Into the Data

While there was a decline in ransomware and dark web activities, exploit attempts surged, highlighting the need for continuous vigilance and adaptive security measures. 

Ransomware

In Q2, ransomware activities declined, with a 10.43% decrease in ransomware publications from Q1 2024. Law enforcement efforts considerably hampered LockBit’s operations, leading to a reduction in their activity. However, Play Ransomware activity increased slightly, demonstrating these threats’ persistence and adaptability. 

Dark Web

Despite the overall 12.93% decrease in dark web marketplace listings, there was a notable increase in listings for Social Security Numbers (SSNs) and account access, indicating a growing threat of identity theft and financial fraud. This rise underscores the need for robust personal data protection and continuous monitoring to safeguard against these heightened risks.

Exploits

Exploitation events jumped 21.07% in Q2, with notable activity involving Web Server File Access, Log4j and Hikvision cameras. This increase underscores the critical need for timely patching and system updates to prevent exploitation.

Stay Vigilant

Q2 2024 threat data indicates decreased ransomware and dark web transactions but increased exploitation events, necessitating vigilant and comprehensive defense strategies. The decline in ransomware and dark web activities should not be misconstrued as a sign of safety; cybercriminals may be retooling their techniques or shifting their focus to other attack vectors. To safeguard against these evolving cyber threats, organizations should implement a cohesive strategy encompassing robust endpoint security, incident response planning, strict data protection, advanced monitoring like Dark Web Monitoring, meticulous patch management and proactive vulnerability assessments. These combined measures create a solid framework to counter the dynamic and increasingly complex cyber threat environment. 