According to a new cyber threat report, there has been a surge in exploit attempts, a change in ransomware group dominance, and shifting trends in dark web behavior in the third quarter of 2024. This report from Nuspire found that exploit activity increased by over 50%, driven by a sharp rise in attacks against VPN technologies. On the ransomware front, a power shift emerged as RansomHub dethroned LockBit as the top extortion publication group, signaling evolving tactics in the ransomware ecosystem.
The Q3 2024 Cyber Threat Report offers an in-depth analysis of cyber threats over the past quarter. Key insights from the report include:
- Exploit Activity:
  - A total of 16,964,624 exploitation events were detected in Q3, marking a 50.96% increase over Q2.
  - Over 60% of these attacks targeted unpatched or outdated systems, focusing on VPN vulnerabilities.
  - The Fortinet FortiOS SSL-VPN vulnerability (CVE-2022-42475) was the most exploited, with a significant uptick in attack attempts.
  - Exploits targeting remote work environments saw a 45% increase, further highlighting the risks posed by hybrid workforces.
- Ransomware Trends:
  - RansomHub ransomware overtook LockBit as the leading ransomware group, with an 8.06% rise in ransomware publications.
  - Nearly 30% of all ransomware-related extortion in Q3 was attributed to RansomHub’s activity.
  - 40% of successful ransomware attacks were initiated through phishing or exploited vulnerabilities.
  - Smaller ransomware groups are adopting more agile tactics to evade law enforcement and detection.
- Dark Web Listings:
  - Dark web activity decreased by 5.41% overall, but the Lumma Stealer infostealer saw a resurgence, with a 12% increase in listings.
  - Demand for compromised VPN and cloud service credentials surged, with listings for these credentials increasing by 15%.
  - High-value targets, particularly in healthcare, financial services and critical infrastructure, were prioritized in dark web transactions.
“This quarter’s findings highlight a clear shift in how cybercriminals are attacking, particularly their exploitation of VPN vulnerabilities, which organizations often overlook in their broader security strategy,” said J.R. Cunningham, Chief Security Officer at Nuspire. “It’s no longer enough to rely on reactive measures. Businesses must adopt a more preemptive approach, strengthening their remote access controls and continuously assessing potential entry points. The rise of RansomHub also signals that ransomware actors are getting bolder, which calls for more robust incident response capabilities, not just at the technical level, but in how organizations manage the human and financial impact of these attacks.”