In a stark reminder of the escalating cyber threat landscape, Nuspire, a leading managed security services provider (MSSP) and a PDI Technologies company, has released its Q4 and Full Year 2024 Cyber Threat Report. The report uncovers alarming trends, including a dramatic 46% spike in ransomware extortion publications, a reshuffling of dominant ransomware groups, and a relentless rise in exploit attempts.
Clop Ransomware Takes the Lead
Clop ransomware has emerged as the most active threat actor in Q4 2024, surpassing RansomHub and solidifying its position as a top cybercriminal group. Known for its aggressive double-extortion tactics, Clop exploited multiple zero-day vulnerabilities, heavily targeting the Professional & Technical Services sector. This shift underscores the evolving sophistication of ransomware operations and their increasing impact on critical industries.
“The sharp rise in ransomware extortions, particularly from Clop, highlights the growing audacity and technical prowess of cybercriminals,” said Justin Heard, Director of Security Operations at Nuspire. “Organizations must prioritize proactive threat detection and incident response strategies to stay ahead of these evolving threats.”
Key Findings from Nuspire’s Report
Ransomware on the Rise
Ransomware extortion publications surged to 2,247 in Q4, marking a 46% increase from Q3.
Clop overtook RansomHub as the most active ransomware group, with Akira, Funksec, and Bashe rounding out the top five.
The Finance & Insurance sector climbed to become the third-most targeted industry, up from fifth place in Q3.
Exploit Attempts Skyrocket
Exploit attempts jumped by 72%, with 29,180,763 events detected in Q4.
Vulnerabilities in Hikvision cameras (CVE-2021-36260) and Bash (CVE-2014-6271) saw exploitation attempts rise by 56% and 77%, respectively.
Firewalls and VPNs remained prime targets as attackers sought to bypass perimeter defenses.
Dark Web Activity Shifts
Dark web marketplace listings dropped by 32%, with 1,316,660 raw log listings and 590,762 credit card listings available for sale.
Lumma Stealer, a notorious malware-as-a-service (MaaS) infostealer, continued to thrive, harvesting sensitive data for resale on illicit platforms.
Expert Insights and Recommendations
Josh Smith, Principal Threat Intelligence Analyst at Nuspire, emphasized the need for vigilance: “Cybercriminals are increasingly targeting critical infrastructure and high-value data. Organizations must adopt a multi-layered defense strategy, combining AI-driven threat intelligence, robust patch management, and comprehensive employee training to mitigate these risks.”