2024 Threat Landscape Statistics: Ransomware Activity, Vulnerability Exploits, and Attack Trends

Category: Details

Threat Actors: 33 new or rebranded ransomware groups (e.g., RansomHub, Hellcat, Qilin) alongside established groups such as LockBit; state-sponsored actors exploiting zero-day vulnerabilities.
Campaign Overview: 2024 saw increased ransomware activity, vulnerability exploitation, and social engineering. Top incidents included ransomware against critical sectors (healthcare, manufacturing, etc.) and widespread exploitation of both newly disclosed and long-known CVEs.
Target Regions (Victims): Global, spanning healthcare, manufacturing, professional services, and retail; specific examples include London hospitals.
Methodology: Ransomware-as-a-Service (RaaS), leak site postings, social engineering (e.g., MFA compromise, SEO poisoning), vulnerability exploitation, trojanized software.
Products Targeted: VPNs, virtual desktop infrastructure (VDI), RDP, support and help desk services, file transfer technologies (e.g., GoAnywhere MFT, MOVEit Transfer), firewalls, and older technologies such as Oracle WebLogic and Adobe ColdFusion.
Malware Reference: SocGholish, GootLoader, AsyncRAT, used for credential theft, drive-by attacks, and remote access.
Tools Used: Exploitation of CVEs (e.g., CVE-2024-3400, CVE-2023-36025), social engineering (e.g., help desk deception), trojanized freeware. Rapid7 tracks and tags exploited vulnerabilities on its AttackerKB platform.
Vulnerabilities Exploited: Notable CVEs include Palo Alto Networks PAN-OS (CVE-2024-3400), ConnectWise ScreenConnect (CVE-2024-1709), Fortinet FortiClient EMS (CVE-2023-48788), and others. Older vulnerabilities such as Adobe ColdFusion (CVE-2018-15961) remain under active exploitation.
TTPs: RaaS operations with extortion via leak sites; initial access via MFA compromise and remote access abuse; fake update lures and SEO poisoning for malware distribution; exploitation of vulnerabilities in widely deployed software.
Attribution: Ransomware groups including LockBit, RansomHub, Qilin, and Hellcat; exploitation campaigns linked to state-sponsored actors; Rapid7 identifies global adversaries leveraging both zero-day and known vulnerabilities.
Recommendations: Enforce MFA on every remote access path; harden externally facing systems; run regular vulnerability assessments and patch promptly; deploy email and endpoint controls to detect and block phishing and malware. Track emerging exploited vulnerabilities via platforms such as AttackerKB.
Source: Rapid7
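The TTPs and Recommendations rows above turn on one control: every remote access path (VPN, RDP, VDI) should require MFA, because initial access in 2024 repeatedly came through accounts that could log in without it. The script below is an added example, not code from the Rapid7 post; it audits a constructed JSON-lines export of remote-access authentication events and reports successful logins on externally facing services where no second factor was verified. The log format, field names (service, user, src_ip, result, mfa) and sample values are assumptions made for illustration.

```python
"""Audit remote-access authentication events for logins completed without MFA.

Added example (not from the Rapid7 post). The JSON-lines format and field
names below are constructed for illustration, not a real product's schema.
"""
import json
from collections import defaultdict

# Constructed sample events (not real data). Assumed fields:
#   service = externally facing access path, result = auth outcome,
#   mfa     = whether a second factor was verified for this login.
# One deliberately malformed line shows that the parser skips rather than aborts.
SAMPLE_EVENTS = """\
{"ts":"2024-11-02T08:01:10Z","service":"vpn","user":"alice","src_ip":"203.0.113.10","result":"success","mfa":true}
{"ts":"2024-11-02T08:03:44Z","service":"rdp-gateway","user":"svc-backup","src_ip":"198.51.100.7","result":"success","mfa":false}
{"ts":"2024-11-02T08:05:02Z","service":"vdi","user":"bob","src_ip":"203.0.113.44","result":"failure","mfa":false}
{"ts":"2024-11-02T08:05:09Z","service":"vdi","user":"bob","src_ip":"203.0.113.44","result":"success","mfa":false}
this line is not json and should be skipped
{"ts":"2024-11-02T08:09:30Z","service":"vpn","user":"carol","src_ip":"192.0.2.200","result":"success","mfa":true}
{"ts":"2024-11-02T08:11:15Z","service":"rdp-gateway","user":"svc-backup","src_ip":"198.51.100.8","result":"success","mfa":false}
"""

# Access paths that the summary names as favoured initial-access targets.
REMOTE_ACCESS_SERVICES = {"vpn", "rdp-gateway", "vdi"}


def parse_events(text):
    """Parse JSON lines into dicts, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # keep auditing; a bad line should not hide the rest
    return events


def find_mfa_gaps(events):
    """Return {(user, service): [events]} for successful remote-access logins
    where MFA was not verified. A missing 'mfa' field is treated as a gap,
    since an event that cannot prove a second factor should not pass the audit."""
    gaps = defaultdict(list)
    for ev in events:
        if ev.get("service") not in REMOTE_ACCESS_SERVICES:
            continue
        if ev.get("result") != "success":
            continue
        if ev.get("mfa") is True:
            continue
        gaps[(ev["user"], ev["service"])].append(ev)
    return dict(gaps)


def summarize(gaps):
    """Collapse per-event gaps into one row per (user, service) with the
    distinct source IPs involved, sorted for stable output."""
    rows = []
    for (user, service), evs in sorted(gaps.items()):
        ips = sorted({e["src_ip"] for e in evs})
        rows.append({"user": user, "service": service, "count": len(evs), "src_ips": ips})
    return rows


if __name__ == "__main__":
    report = summarize(find_mfa_gaps(parse_events(SAMPLE_EVENTS)))
    for row in report:
        print(f"{row['user']:<12} {row['service']:<12} {row['count']} login(s) without MFA "
              f"from {', '.join(row['src_ips'])}")
```

Service accounts such as the constructed svc-backup are the usual finding in a real run: they authenticate to an RDP gateway or VPN on a schedule and were exempted from MFA for convenience, which is exactly the kind of account the summary's "remote access abuse" TTP relies on.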

Read full article: https://www.rapid7.com/blog/post/2024/12/16/2024-threat-landscape-statistics-ransomware-activity-vulnerability-exploits-and-attack-trends/

The above summary has been generated by an AI language model

Published on: December 16, 2024
