Huntress unveiled its 2024 Cyber Threat Report today. Delivering insightful reporting on emerging cyber threats and tradecraft targeting small businesses and mid-sized enterprises, Huntress highlights ways threat actors showed their true colors. One of the most distinctive findings is an emerging trend toward attackers using smaller enterprises as testbeds before deploying similar attacks against larger enterprises.
"We saw that no business or industry is 'off the table' for attackers," said Jamie Levy, Director of Adversary Tactics for Huntress. "Last year, our inaugural threat report highlighted that attackers attempted to avoid detection by blending in and increasing account takeover tactics like business email compromise. We observed that hackers continue to move covertly, exploiting trusted tools and services and hitting vulnerable industries once considered safe with ransomware attacks."
Key Takeaways:
- Hackers are Hiding in Plain Sight
  - 79% of cloud storage misuse incidents involved Microsoft OneDrive, followed by 18% involving Google Drive and 3% involving Dropbox, as attackers use these services to distribute malware or exfiltrate data.
  - Threat actors are weaponizing off-the-shelf software tools to hide their activity and gain remote access to key systems. Of the tools leveraged for malicious activity, 36% were RMM tools, including ScreenConnect (15%) and Atera (12%). Additionally, 64% of tools leveraged for malicious remote access were Remote Access Trojans (RATs), due to their ease of installation and the few traces they leave on the endpoint.
- Ransomware Threats are Surging
  - Late last year, DarkGate ransomware jumped by 880% in the months immediately after the US Department of Justice-led takedown of the Qakbot malware distribution and control network. In fact, several ransomware variants spiked in the months after the Qakbot takedown, with Akira spiking 501% and LockBit spiking 102%, showing just how quickly cybercriminals can adapt strains to exploit new targets.
- No Healthcare Target is Sacred
  - The days of healthcare being an "untouchable" sector are over. 2023 highlights how healthcare organizations are prime targets for ransomware and business email compromise as attackers find new ways to extract patient data and take critical systems offline.
  - Healthcare organizations face a range of cyber threats. In 2023, the top threats against healthcare organizations were Trojans (21%), RATs (14%), and initial access (11%). While some of these threats might initially seem harmless, they often pave the way for more serious issues, such as ransomware.
  - The top ransomware variants targeting the healthcare sector were Dharma (29%), DarkGate (17%), and LockBit (15%).
  - Business email compromise attacks against healthcare included manipulating mailbox rules, bypassing location settings via VPN or proxy, attacks on MFA, and unauthorized logins. In 2023, 34% of the threats involved malicious mailbox rules in Microsoft 365, and 26% used a VPN or proxy.
The Huntress threat research team details their findings in this report, leveraging the same data from the Huntress Managed Security Platform to provide new and valuable insights to arm businesses and their MSPs with new ways to mitigate risk and build more cyber resilience.