Interactive Report Summary

Q4 and Full-Year 2024 Cyber Threat Report

As we reflect on a year of evolving cybersecurity trends, the final quarter of 2024 saw a 46% surge in ransomware extortion publications compared to the previous quarter. This increase was driven by Clop ransomware emerging as the most active group, surpassing RansomHub. In addition, exploit attempts increased by 72% compared to Q3 2024, with over 29 million exploit events detected. These findings highlight a significant escalation in cybercriminal operations. Hikvision camera vulnerabilities and Bash vulnerabilities saw significant increases in exploitation attempts, while firewall and VPN technologies remained top targets. Dark web marketplace listings decreased by 32%, but infostealers such as Lumma Stealer continue to be a threat.

Top Findings at a Glance

RANSOMWARE

Ransomware extortion publications rose by 46% in Q4

In Q4 2024, Clop ransomware became the most active ransomware group, surpassing RansomHub

DARKWEB

Dark web marketplace listings decreased by 32% in Q4

590,762 credit card listings available for sale in Q4

EXPLOIT

Exploit attempts increased by 72% in Q4

Firewall and VPN technologies remain top targets for cybercriminals seeking to bypass perimeter defenses

Ransomware Spotlight: Clop

Clop ransomware emerged as the top threat actor in Q4 2024, surpassing RansomHub and escalating cybercriminal operations. Targeting high-value industries like finance and healthcare, Clop exploited zero-day vulnerabilities in Cleo’s file transfer products, compromising at least 66 organizations. Known for double-extortion tactics, the group has previously exploited platforms like Accellion FTA and MOVEit Transfer. Its activities contributed to a 46% rise in ransomware extortion, with demands reaching $20 million. The U.S. State Department has offered a $10 million bounty for information linking the group to foreign governments. Clop gains access via phishing and exploits, then uses tools like PowerShell to spread through the network.

Methodology

GATHER

Collects threat intelligence and data from global sources, client devices and reputable third parties.

PROCESS

Data is analyzed by a combination of machine learning, algorithm scoring and anomaly detection.

DETECT

Nuspire’s cloud-based SIEM ingests log data and alerts the security operations center (SOC). The SOC then notifies the client and works with them to remediate the threat.

EVALUATE

Analysts further scrutinize the research, scoring and tracking of existing and new threats.

DISSEMINATE

Analysts leverage the insights to constantly improve the SOC, alerting, and the community through the creation of detection rules, briefs, and presentations.

OCTOBER THROUGH DECEMBER

Q4 2024 in Review

Q4 2024 was marked by a surge in ransomware and exploit activity and a shift in dark web trends.

Let's Dive Into the Data

Q4 2024 saw a surge in ransomware and exploit activity, while dark web marketplace listings decreased but underground communication of malicious activity increased.

October

10.9: Microsoft’s October Patch Tuesday Addresses 5 Zero-Days, 118 Vulnerabilities
10.11: CISA Warns of Attacks Exploiting Critical Fortinet RCE Vulnerability
10.15: CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance
10.22: VMware Releases New Patch to Fix Critical vCenter RCE Vulnerability
10.23: Fortinet Announces Critical FortiManager Zero-Day Vulnerability
10.31: Black Basta Ransomware Uses Microsoft Teams to Breach Networks
10.31: Redline and Meta Stealers Seized by Global Operation

November

11.7: CISA Warns of Large-Scale Spearphishing Campaign Using RDP Files
11.8: Cisco Patches Critical Vulnerability Affecting URWB Access Points
11.13: Microsoft’s November Patch Tuesday Addresses 4 Zero-Days, 91 Vulnerabilities
11.19: Critical VMware vCenter Vulnerabilities Exploited in Attacks
11.26: Exploited Zero-Days Compromise Over 2000 Palo Alto Firewalls

December

12.4: LogoFail Exploited to Deploy Bootkitty to Infect Linux Systems
12.5: Chinese-Backed Threat Groups Target Major U.S. Telecommunications Stealing Data
12.9: Active Exploitation of Cleo Products for Previously Patched Vulnerability
12.11: Microsoft’s December Patch Tuesday Addresses 1 Zero-Day, 72 Vulnerabilities
12.12: New Patches Released for Actively Exploited Cleo Products
12.17: Critical BeyondTrust Vulnerability Receives Patches

[Chart: Ransomware. Total publications Q4; total publications 2024; change from Q3.]

[Chart: Dark Web Activity. Marketplace listings in 2024; fraud-related topics discussed in 2024; stolen credential-related topics discussed in 2024.]

[Chart: Exploits. Total events 2024; unique variants; increase in total activity since 2023.]

Stay Vigilant

Despite the varying levels of malware, botnet and exploit activity, bear in mind that just one successful breach can significantly impact your business. It's essential to maintain a clear view of your environment to defend against potential threats. As threat actors continually update their strategies, your security measures need to adapt accordingly. Always stay on guard!

Meet Our Threat Intelligence Experts

Justin Heard
Director of Security Operations

As Nuspire's Director of Security Operations, Justin Heard is at the helm of the company's key security initiatives, encompassing incident response, threat hunting and cyber intelligence. With over 16 years of experience in cybersecurity, including roles such as threat hunter, incident commander and intelligence analyst, Justin has a deep understanding of the cybersecurity domain. His leadership is instrumental in bolstering Nuspire’s defenses and adapting to the rapidly changing landscape of cyber threats.

Before his tenure at Nuspire, Justin enhanced his skill set in the defense sector, serving as a network administrator and security engineer. Justin has an associate degree in Computer Networking Systems from ITT Tech.

Josh Smith
Cyber Threat Analyst

Josh is a Cyber Threat Analyst at Nuspire who works closely with organizational threat landscapes, curating threat intelligence and authoring Nuspire’s Quarterly Threat Landscape Report. Josh is currently pursuing his master’s degree in Cybersecurity Technology. Previously he served with the U.S. Navy as an Operations Specialist with 14 years of service. Josh has been quoted in Forbes, CSO Online, Channel Futures, Dark Reading, and others.