Interactive Report Summary

Q3 2024 Cyber Threat Report

The third quarter of 2024 saw significant developments in ransomware extortion tactics, an evolving lineup of infostealers and a surge in VPN-related exploit attempts. Ransomware groups have shifted strategies, with RansomHub surpassing LockBit as the leading ransomware operator, while VPN vulnerabilities became a prime target for threat actors. These emerging trends emphasize the need for proactive defense strategies to combat the growing complexity of cyber threats.

Top Findings at a Glance

Ransomware

Q3 witnessed an 8.06% increase in ransomware publications.

LockBit activity dropped significantly by 51.97%, with RansomHub taking the lead.

Dark Web

Dark web listings saw a 5.41% decline.

Lumma Stealer made a resurgence, reclaiming its position as the top infostealer.

Exploits

Exploit attempts spiked by 50.96%.

A significant surge targeted VPN vulnerabilities, specifically Fortinet’s SSL-VPN heap buffer overflow vulnerability.


Industry Spotlight: Professional & Technical Services

The Professional & Technical Services sector, including law firms, accounting firms and consulting agencies, has overtaken manufacturing as the most targeted industry by ransomware in Q3. These organizations handle sensitive data, making them prime targets for ransomware operators, who now commonly use double extortion tactics. With average ransom demands of around $2.5 million, the pressure to avoid reputational damage is high, forcing many to pay. The lack of robust cybersecurity measures leaves many of these firms vulnerable.

Methodology

How Nuspire produces its threat intelligence

GATHER

Collects threat intelligence and data from global sources, client devices and reputable third parties.

PROCESS

Data is analyzed by a combination of machine learning, algorithm scoring and anomaly detection.

DETECT

Log data is ingested into Nuspire's cloud-based SIEM, which raises alerts to the security operations center (SOC). The SOC then notifies the client and works with them to remediate the threat.

EVALUATE

Analysts further scrutinize the research, scoring and tracking both existing and newly identified threats.

DISSEMINATE

Analysts use these insights to continually improve the SOC and its alerting, and share them with the wider community through detection rules, briefs and presentations.

July through September

Q3 2024 in Review

Q3 brought numerous notable cybersecurity events, including critical patches from Microsoft and escalating ransomware activity. Threat actors continued to exploit zero-day vulnerabilities, with a significant focus on VPN security weaknesses.
July
7.1: Critical Out-of-Cycle Patch Released for Juniper Devices
7.1: OpenSSH Vulnerability “regreSSHion” Allows Root Access
7.9: Critical Vulnerability “Blast-RADIUS” Affecting RADIUS Protocol Announced
7.10: Microsoft’s July 2024 Patch Tuesday Addressed 4 Zero-Days, 142 Vulnerabilities
7.19: Worldwide BSOD Outage on Microsoft Windows Caused by EDR Update
7.19: CISA Warns of Actively Exploited RCE Vulnerability in GeoServer GeoTools Software
7.25: CISA Warns BIND 9 Users to Address New DNS Exploits

August
8.1: CISA Warns Users of VMware ESXi Vulnerability Exploited in Ransomware Attacks
8.9: North Korean Attackers Exploit VPN Update Flaw to Deploy Malware
8.13: Cisco Warns of Critical RCE Zero-Day in End-of-Life IP Phones
8.14: Microsoft’s August Patch Tuesday Addresses 10 Zero-Days, 6 Exploited
8.21: CISA Warns of Critical SolarWinds RCE Vulnerability Exploited in Attacks
8.22: CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks
8.27: SonicWall Releases Patches for Critical Access Control Vulnerability
8.29: CISA Releases Advisory on Iran-Based Threat Actors Enabling Ransomware Attacks

September
9.5: VMware ESXi Servers Targeted by a New Cicada Ransomware Variant
9.11: Microsoft’s September 2024 Patch Tuesday Addresses 4 Zero-Days, 79 Vulnerabilities
9.12: Critical SonicWall SSL-VPN Access Control Vulnerability Exploited in Ransomware Attacks
9.19: CISA Warns of Recently Patched Windows Vulnerability Exploited in Infostealer Attacks
9.30: CISA Warns of Critical Ivanti vTM Auth Bypass Vulnerability Exploited in Attacks

Let's Dive Into the Data

Q3’s threat data highlights a growing focus on ransomware and VPN vulnerabilities, with a sharp rise in exploit attempts. Here’s a breakdown of the key statistics:

Ransomware figures (animated counter values were not captured on this page): total ransomware publications; publications averaged per week; percentage increase in publications.

Ransomware

In Q3, ransomware extortion publications increased, with RansomHub emerging as the new leader in ransomware activity, overtaking LockBit, which saw a significant drop in extortion attempts. Despite increased law enforcement actions, ransomware groups continue to evolve their tactics, employing double extortion to pressure victims into paying ransoms. RansomHub’s affiliates have targeted various industries, focusing on critical infrastructure, healthcare and financial services.

Dark web figures (animated counter values were not captured on this page): total marketplace listings; listings of stolen browser data; percentage decrease in total listings.

Dark Web

While dark web marketplace listings saw a slight decline, there was a resurgence of infostealer activity, with Lumma Stealer reclaiming its position as the leading malware variant sold on these platforms. Infostealers like Lumma allow cybercriminals to harvest sensitive information, including credentials and financial data, which are quickly sold to other threat actors. The drop in listings was largely driven by a decrease in stolen browser data offerings, but threats of identity theft and account compromise remain high, particularly as email and credit card access listings are still prevalent.

Exploit figures (animated counter values were not captured on this page): total exploit events; unique exploits detected; percentage increase in activity.

Exploits

Exploit activity skyrocketed in Q3, with a marked increase in attacks targeting VPN technologies, such as Fortinet’s SSL-VPN heap buffer overflow vulnerability (CVE-2022-42475). Threat actors continue to exploit long-standing vulnerabilities in remote access technologies, taking advantage of organizations that have not yet patched their systems. These vulnerabilities provide cybercriminals with direct access to critical systems, enabling data exfiltration, malware deployment and further attacks.

Stay Vigilant

Q3 2024 saw a rise in ransomware publications, a shift in dark web marketplace trends with new types of data being targeted, and a surge in VPN exploit attempts, highlighting the growing sophistication of cyber threats. While dark web listings slightly declined, the return of Lumma Stealer and the spike in VPN exploit attempts show how threat actors are evolving their tactics to bypass traditional defenses.

To combat these sophisticated threats, organizations need a comprehensive approach that includes services like endpoint security, dark web monitoring, meticulous patch management, and proactive vulnerability assessments. These efforts can be further augmented by AI-driven intelligence and enhanced visibility, enabling organizations to more effectively detect and respond to threats, strengthen their defenses and stay ahead of cybercriminals’ evolving tactics.
