CloudSEK has unveiled its 2024 Threat Landscape Analysis, offering eye-opening insights into the escalating cyber threat ecosystem. This comprehensive report brings to light the scale, sophistication, and implications of cybercriminal activity in 2024, revealing the vulnerabilities and industries most at risk while providing actionable solutions to bolster defences.
From underground forums to ransomware extortion, the report serves as an indispensable guide for organizations, policymakers, media, and cybersecurity professionals navigating today’s volatile threat environment.
Unveiling the dark web: Threat actor activity and trends
The dark web remains a thriving marketplace for stolen data, illicit services, and digital espionage. In 2024 alone:
- 45 highly active threat actors identified: Out of hundreds of threat actors, 45 cybercriminals collectively traded over 534,833 GB (534TB) of stolen data, targeting businesses and individuals worldwide.
- Key forums in focus: Platforms like BreachForums, Leakbase, and XSS dominated as hubs for data trading and illegal activities. BreachForums saw a sharp resurgence after a temporary FBI seizure in May, resulting in heightened activity through the latter half of the year.
- Data in demand: Threat actors sold personally identifiable information (PII), credentials, customer data, medical records, and even government files, amplifying risks for organisations and individuals alike.
“Cybercrime is evolving rapidly, with underground forums not only facilitating illegal trade but also enabling collaboration among threat actors. This makes monitoring these spaces critical to understanding and countering emerging threats,” said CloudSEK’s research team.
Industries and regions under attack
No industry or geography was immune to cyber threats in 2024:
- Most targeted sectors: Retail, IT & Technology, and Communications were hit hardest. Retail alone accounted for over 230 victims, underscoring the value of customer data like payment card information.
- Geographic hotspots:
  - United States: The most targeted country, with 140 attacks, due to its economic dominance and digital infrastructure.
  - India: Rapid digitisation exposed 95 entities, making it the second most attacked nation.
  - Israel: Geopolitical tensions drove 57 attacks, targeting critical infrastructure and high-value assets.
These findings highlight the global reach and strategic motivations of cybercriminals, ranging from financial gain to political disruption.
Ransomware: A relentless threat
Ransomware attacks escalated in both scale and complexity this year:
- Top industries affected: Manufacturing (16.3%), Healthcare (10.8%), and Real Estate (12.1%) were disproportionately targeted, disrupting critical operations.
- Ransom demands soar: Average demands peaked at over $2 million in late 2024, with ransom groups such as LockBit 3.0 and RansomHub leading these attacks.
- Data exfiltration trends: Over 994TB of data was stolen, further emphasising the pivot toward double and triple extortion tactics.
“Ransomware is no longer just about locking systems; it’s about weaponising stolen data. This shift has devastating consequences for businesses and individuals,” explained CloudSEK’s research team.
Exploited vulnerabilities: A weak link in the chain
The speed at which threat actors exploited newly disclosed vulnerabilities was alarming:
- Critical exploits:
  - CVE-2024-4577 (PHP CGI Command Injection): Weaponised within weeks, impacting enterprise-grade systems.
  - CVE-2024-24919 (Check Point Information Disclosure): Exploited widely to target government and enterprise networks.
- Zero-days on the rise: High-profile vulnerabilities like CVE-2024-3400 (PAN-OS Command Injection) and CVE-2024-23897 (Jenkins CLI Path Traversal) showcased the growing sophistication of attackers.
- Vendors in focus: Linux, Microsoft, and Fortinet recorded the highest number of exploited flaws, reflecting their ubiquity in critical infrastructure.
Organisations are urged to prioritise timely patching and robust vulnerability management to mitigate these risks.
CloudSEK’s recommendations for building resilience
In the face of these evolving threats, CloudSEK emphasises a proactive, multi-layered approach to cybersecurity:
- Timely patch management: Address known vulnerabilities to close gaps before exploitation.
- Continuous threat monitoring: Leverage AI-driven tools to detect and respond to threats in real time.
- Strengthened access controls: Implement MFA, privileged access management, and network segmentation.
- Incident response planning: Develop and simulate response plans to reduce downtime during an attack.
- Awareness and collaboration: Foster cybersecurity awareness across teams and collaborate with public-private networks to share intelligence.