| Category | Details |
|---|---|
| Threat Actors | 33 new or rebranded ransomware groups (e.g., RansomHub, Hellcat, Qilin); existing groups like LockBit; state-sponsored actors exploiting zero-day vulnerabilities. |
| Campaign Overview | 2024 saw increased ransomware activity, exploitation of vulnerabilities, and social engineering attacks. Top incidents included ransomware targeting critical sectors (healthcare, manufacturing, etc.) and widespread exploitation of known and new CVEs. |
| Target Regions (Victims) | Global victims spanning sectors like healthcare, manufacturing, professional services, and retail; specific examples include London hospitals and other organizations globally. |
| Methodology | Ransomware-as-a-Service (RaaS), leak site postings, social engineering (e.g., MFA compromise, SEO poisoning), vulnerability exploitation, trojanized software. |
| Product Targeted | VPNs, virtual desktop infrastructure (VDI), RDP, support services, file transfer technologies (e.g., GoAnywhere MFT, MOVEit Transfer), firewalls, and older technologies like Oracle WebLogic and Adobe ColdFusion. |
| Malware Reference | SocGholish, GootLoader, AsyncRAT; used for credential theft, drive-by attacks, and remote access. |
| Tools Used | Exploitation of CVEs (e.g., CVE-2024-3400, CVE-2023-36025), social engineering (e.g., help desk deception), trojanized freeware, vulnerability tagging via platforms like AttackerKB. |
| Vulnerabilities Exploited | Notable CVEs: Palo Alto Networks PAN-OS (CVE-2024-3400), ConnectWise ScreenConnect (CVE-2024-1709), Fortinet FortiClient (CVE-2023-48788), and others. Older vulnerabilities like Adobe ColdFusion (CVE-2018-15961) remain exploited. |
| TTPs | RaaS operations with extortion via leak sites; initial access via MFA compromise and remote access abuse; use of fake updates and SEO poisoning for malware distribution; targeting vulnerabilities in widely used software. |
| Attribution | Ransomware groups like LockBit, RansomHub, Qilin, Hellcat; exploitation campaigns linked to state-sponsored actors; Rapid7 identifies global adversaries leveraging zero-day and known vulnerabilities. |
| Recommendations | Enforce MFA across all remote access points; secure externally facing systems; conduct regular vulnerability assessments and patch management; implement email and endpoint security controls to detect and mitigate phishing and malware. Stay updated on emerging threats via platforms like AttackerKB. |
| Source | Rapid7 |
Read full article: https://www.rapid7.com/blog/post/2024/12/16/2024-threat-landscape-statistics-ransomware-activity-vulnerability-exploits-and-attack-trends/
The above summary has been generated by an AI language model