Key Findings from Ontinue’s 1H 2024 Threat Intelligence Report

Ontinue’s Advanced Threat Operations (ATO) team has released its 1H 2024 Threat Intelligence Report, providing a detailed analysis of the shifting cyber threat landscape. This report highlights critical trends we have seen in the first half of 2024 and offers insights into the proactive measures organizations should adopt to build resilience against increasingly sophisticated threats.

The Cyber Threat Landscape in 1H 2024

One of the key challenges highlighted in the report is the ongoing lag in vendor patch adoption. Despite the availability of patches, many organizations remain vulnerable to attacks that exploit known vulnerabilities. In Q1 2024 alone, 8,967 new vulnerabilities (CVEs) were published, with more than 13,400 additional CVEs awaiting publication. Alarmingly, 50% of the top 10 vulnerabilities targeted by threat actors in 2024 were from 2023, demonstrating that older vulnerabilities remain a fruitful and popular target.

The surge in zero-day vulnerabilities, particularly those affecting Ivanti products, further underscores the need for an emergency patch and threat-mitigation process, implemented as an expedited swimlane within existing IT patch and update processes.

Ransomware: A Persistent Threat

Ransomware continues to dominate the threat landscape, with Lockbit maintaining its position as the most active ransomware group in 2024. While other groups like Clop and AlphV have receded, new actors like Akira and Hunters International have emerged. Lockbit’s continued success, driven by its “name and shame” tactics, demonstrates that ransomware remains one of the most dangerous threats to organizations.

The report warns of a potential resurgence of Clop in late 2024, following the group’s pattern of episodic, high-impact attacks.

Shifts in Targeted Industries

Another critical finding is the shift in targeted industries. In the first half of 2024, the Manufacturing & Industrial sectors have experienced a sharp increase in attacks, now accounting for 41% of all incidents, up from 20% in 2023 – an increase of 105%. In contrast, the Technology/IT services sector has seen a decline in attacks, likely due to improved cyber maturity and proactive defenses.

Emerging Threats to Watch

Several new and evolving threats are highlighted in the report, including:

  • LOLSites: Attackers are increasingly misusing Microsoft-owned domains, such as powerappsportals[.]com, to bypass security controls. This technique allows them to steal MFA codes through phishing methods that exploit legitimate certificates.
  • Phishing via SharePoint: Compromised SharePoint sites have become a launchpad for phishing attacks, taking advantage of the trust users place in Microsoft platforms. These attacks often evade traditional security measures, posing significant risks to organizations.
  • Infostealers: Infostealers, such as Raccoon Stealer, continue to proliferate through Malware-as-a-Service (MaaS) models. These tools are commonly distributed via malvertising, phishing, and software droppers, making them a persistent threat to organizations’ sensitive data.
  • PlugX RAT: The PlugX RAT remains a significant danger, particularly to government agencies. Its ability to spread through USB devices and hide exfiltrated data in hidden directories makes it a favored tool of Chinese state-sponsored actors.
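The LOLSites and SharePoint items above share a defensive problem: the abused hosts sit under Microsoft-owned parent domains that an organization cannot simply block. One practical response is to allowlist the tenants the organization actually uses and flag every other host under those parent domains for analyst review. The following is an added example written for this post, not code from Ontinue or the report; it runs over constructed proxy log lines, and the parent-domain list (powerappsportals.com from the report, sharepoint.com assumed from the SharePoint phishing item) and the tenant allowlist are assumptions to be replaced with an organization's own.

```python
import re
from urllib.parse import urlparse

# Microsoft-owned parent domains that attackers host phishing content on ("LOLSites").
# powerappsportals.com is named in the report; sharepoint.com is an assumption added here.
ABUSABLE_PARENT_DOMAINS = ("powerappsportals.com", "sharepoint.com")

# Hypothetical allowlist of the organization's own tenants. Anything else under an
# abusable parent domain is treated as suspicious and queued for review.
KNOWN_GOOD_HOSTS = {"contoso.sharepoint.com", "contoso.powerappsportals.com"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample proxy log lines (not real traffic).
SAMPLE_PROXY_LOG = [
    '2024-03-04T09:12:01Z user=alice url="https://contoso.sharepoint.com/sites/HR/Shared%20Documents/policy.pdf" action=allow',
    '2024-03-04T09:15:44Z user=bob url="https://invoice-review-7f3a.powerappsportals.com/SignIn?ReturnUrl=%2F" action=allow',
    '2024-03-04T09:16:02Z user=bob url="https://docs.example.com/index.html" action=allow',
    '2024-03-04T09:20:19Z user=carol url="https://fabrikam-partners.sharepoint.com/:f:/s/shared/EaX" action=allow',
]


def defang(host: str) -> str:
    """Render a hostname as powerappsportals[.]com so it is not clickable in reports."""
    return host.replace(".", "[.]")


def classify_host(host: str) -> str:
    """Return 'known_good', 'review' or 'other' for a hostname.

    Only exact matches or true subdomains of a parent domain count; a lookalike such
    as notpowerappsportals.com or powerappsportals.com.example.net is 'other'.
    """
    host = host.lower().rstrip(".")
    for parent in ABUSABLE_PARENT_DOMAINS:
        if host == parent or host.endswith("." + parent):
            return "known_good" if host in KNOWN_GOOD_HOSTS else "review"
    return "other"


def scan_log(lines):
    """Return one finding per URL that sits under an abusable parent domain but is not an allowlisted tenant."""
    findings = []
    for line in lines:
        for url in URL_RE.findall(line):
            host = urlparse(url).hostname
            if host is None:
                continue
            if classify_host(host) == "review":
                findings.append({"host": defang(host), "url": url, "line": line})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_PROXY_LOG):
        print(f"REVIEW {finding['host']}  <- {finding['line']}")
```

Running the block reports the two non-allowlisted tenant hosts and stays silent on the organization's own SharePoint tenant and on unrelated domains. The allowlist approach works because a tenant subdomain is the one part of the URL an attacker cannot make identical to the victim's own; it does not help when an organization's own SharePoint tenant has been compromised, which is the case the SharePoint item describes and which needs account-level detection instead.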

The Rise of Chinese State-Sponsored Attacks

The report also draws attention to the growing threat from Chinese state-sponsored cyber operations. China's military and cyber organizations are driving an increase in cyber activity, with a particular focus on information control. The streamlined development of zero-day exploits, combined with the involvement of private contractors, complicates attribution and escalates the global threat level.

Building Stronger Security Resilience

To counter these emerging threats, organizations must adopt a proactive and layered approach to cybersecurity. Timely patch and mitigation deployment, secure implementation of multi-factor authentication, and fostering a culture of security awareness are critical to reducing risk. Implementing network segmentation, maintaining regular offline backups, and ensuring incident response plans are tested and ready to execute will help minimize the impact of ransomware and other cyber threats.

Ontinue encourages organizations to stay ahead of these challenges by partnering with a trusted managed security provider, leveraging real-time threat intelligence, and enhancing their overall cybersecurity maturity through adoption of best practices.

To explore these findings in more detail and gain deeper insights into the latest threats, read the full 1H 2024 Threat Intelligence Report.

TL;DR

The report found that despite patches being available, older vulnerabilities remain heavily exploited, with 50% of the top 10 trending vulnerabilities in early 2024 originating in 2023. Lockbit remains the most active ransomware group, while new players like Hunters International pose significant threats. The Manufacturing & Industrial sector has seen a surge in attacks, while the Technology/IT services sector has experienced a decline due to improved cyber defenses.

The ATO also spotlights the rise of sophisticated phishing techniques using Microsoft-owned domains, the ongoing threat of Infostealers, and the persistent danger of the PlugX RAT, particularly against government agencies. Additionally, Chinese state-sponsored cyber operations are intensifying, with a focus on information control and the use of zero-day exploits. Ontinue emphasizes the importance of proactive measures, staying informed through advisories, and enhancing cybersecurity maturity through best practice adoption.

Article By

Advanced Threat Operations Team
Ontinue - ATO

Ontinue’s Advanced Threat Operations (ATO) team leverages proactive threat identification, analysis, and mitigation to empower our customers with the resilience needed to tackle the constantly evolving threat landscape.

Balazs Greksza

Domenico de Vitto