SOCRadar® Cyber Intelligence Inc. | The 2024 Mid-Year Cybersecurity Review Report
Jul 16, 2024

The 2024 Mid-Year Cybersecurity Review Report

In a time when cyber threats continue to escalate in sophistication and frequency, understanding the evolving landscape is more crucial than ever. Therefore, we are pleased to present the “2024 Mid-Year Cybersecurity Review Report,” offering a comprehensive analysis of the significant cybersecurity challenges and trends observed in the first half of the year.

SOCRadar’s 2024 Mid-Year Cybersecurity Review Report

Executive Summary

The first half of 2024 has been marked by an increase in the complexity and volume of cyber attacks, presenting unprecedented challenges for cybersecurity professionals. SOCRadar’s Extended Threat Intelligence (XTI) platform has been instrumental in empowering Security Operations Centers (SOCs) with actionable intelligence, transforming threat detection and mitigation strategies.

Ransomware attacks have surged, affecting organizations of all sizes and sectors. Notable incidents have highlighted the relentless pursuit of cyber adversaries, making integrated attack surface management and brand protection essential components of a robust cybersecurity strategy. The proactive use of cyber threat intelligence has been pivotal in anticipating and thwarting potential attacks, ensuring the security of organizational networks.

Cybersecurity Predictions for the Second Half of 2024

The second half of 2024 is expected to witness continued threats, with a focus on:

  • Surge in Ransomware Attacks: Ransomware will remain a significant threat, targeting critical infrastructure with more sophisticated tactics.
  • AI-Driven Cyber Attacks: AI and machine learning will enhance the effectiveness of cyber attacks, leading to more adaptive and automated threats.
  • Expansion of Cybercrime-as-a-Service (CaaS): The underground market for cybercrime services will grow, enabling more frequent and varied attacks.
  • Increase in Supply Chain Attacks: Targeting third-party vendors will become more common, exploiting vulnerabilities in the supply chain.
  • Rise in Zero-Day Exploits: The exploitation of unknown vulnerabilities will continue, necessitating proactive vulnerability management.
  • Focus on Cloud Security: As cloud adoption rises, attacks on cloud infrastructure will become more sophisticated.
  • Enhanced Dark Web Activities: Monitoring and intelligence gathering on the Dark Web will be crucial to preempt threats.
  • Targeted Attacks on IoT Devices: The increase in IoT devices will create new vulnerabilities, requiring improved security measures.

SOCRadar with Numbers

Our platform has captured critical data points in the first half of 2024. Detailed visualizations and metrics will be shared, highlighting the impact and reach of our threat intelligence efforts.

Dark Web with Numbers

SOCRadar’s continuous monitoring of dark web activities has revealed significant trends and statistics. Visual data will showcase the volume and types of threats emerging from dark web forums and marketplaces.

Top Data Breaches in the First Half of 2024

Several high-profile data breaches have occurred, including:

  • Snowflake Data Breach: Exposed sensitive customer information.
  • Mother of All Breaches (MOAB): Involved a massive leak of 12 terabytes of data.
  • Bank of America Data Breach: Resulted from an attack on Infosys McCamish Systems.
  • LoanDepot Ransomware Incident: Compromised the personal data of 16.6 million customers.
  • VARTA Data Breach: Affected production across five plants.
  • Trello Data Breach: Exposed data of over 15 million users.
  • Planeta Data Breach: Targeted by Ukrainian hackers, impacting state agencies.
  • Tangerine Telecom Data Breach: Stolen records of over 200,000 individuals.
  • Cross Switch Data Breach: Compromised 3.6 million users’ data.
  • Spoutible Data Breach: Impacted 207,000 records.

Top Cybersecurity Incidents in the First Half of 2024

Significant incidents include:

  • Change Healthcare Ransomware Attack: Disrupted healthcare payment processing.
  • Twitter Data Breach: Exposed personal information of 235 million users.
  • MGM Resorts Cyber Attack: Stole personal data of 142 million guests.
  • Cencora Healthcare Data Breach: Exposed millions of patient records.
  • UK Ministry of Defence Payroll Hack: Exposed data of 270,000 staff members.
  • French State DDoS Attack: Disrupted multiple government services.
  • NHS Scotland Ransomware Attack: Released sensitive data on the dark web.
  • El Salvador’s Chivo Wallet Hack: Exposed 144 GB of sensitive information.

Top Vulnerabilities in the First Half of 2024

Critical vulnerabilities identified include:

  • CVE-2024-3094: SSH backdoor vulnerability in XZ Utils.
  • CVE-2024-21762: Remote Code Execution in FortiOS SSL VPN.
  • CVE-2024-21626: Container Escape vulnerability in runc.
  • CVE-2024-27198: Unauthorized Access in TeamCity CI/CD tool.
  • CVE-2024-23897: Command Execution in Jenkins CLI.
  • CVE-2024-49583: Privilege Escalation in SAP Business Application Studio.
  • CVE-2024-7150: Buffer Overflow in Citrix NetScaler products.
  • CVE-2024-33006: File Upload vulnerability in SAP NetWeaver.
  • CVE-2024-3095: Authentication Bypass in Ivanti solutions.
  • CVE-2024-29822 to 29827: SQL Injection in Ivanti Endpoint Manager.

Dark Web Statistics in the First Half of 2024

SOCRadar’s platform captured 6,419 posts related to dark web activities, averaging 35.6 posts per day, revealing trends and emerging threats in the underground economy.

Ransomware Statistics in the First Half of 2024

With 5,764 ransomware-related posts analyzed, we observed significant peaks in activity and contributions from 127 different groups, highlighting the most active ransomware entities and their geographic targets.

Most Dangerous Threat Actors in 2024 First Half

Top threat actors identified include:

  • LockBit 3.0
  • ALPHV Blackcat
  • Play
  • RansomHub
  • Hunters International
  • Black Basta
  • Akira
  • 8base
  • Medusa
  • BianLian

2024 Global Cybercrime Index Rankings

The Global Cybercrime Index, developed by Oxford University, ranks countries based on their cyber threat levels. Russia is identified as the foremost cybersecurity threat, reflecting the global distribution of cybercrime origins.

Lessons Learned: Key Insights and Strategic Recommendations

Key lessons from the first half of 2024 emphasize the importance of:

  • Vigilance: Adapting security strategies to the dynamic threat landscape.
  • Multi-layered Security: Implementing comprehensive defenses.
  • Consistent Guard Against Ransomware: Strengthening defensive and responsive measures.
  • Continuous Employee Training: Enhancing recognition and response to phishing attacks.
  • Robust Defenses Against Stealer Malware: Detecting and mitigating data breaches.
  • Strategies Against DDoS Attacks: Deploying advanced DDoS protection technologies.

The first half of 2024 has highlighted the dynamic and challenging nature of cybersecurity. SOCRadar’s XTI platform continues to provide the essential tools and intelligence needed to navigate these threats. As we look to the second half of the year, our commitment to enhancing cybersecurity measures and staying ahead of cyber adversaries remains unwavering.
