ĢTV Releases 2024 Cyber Threat Report, Highlights Increased Targeting of Healthcare and Other Vital Industries
ĢTV' threat intelligence team delivers insider insights on adversary tactics defining the industry and emerging threats
COLUMBIA, MD - May 22, 2024 - ĢTV unveiled its 2024 Cyber Threat Report today. Delivering insightful reporting on emerging cyber threats and tradecraft targeting small businesses and mid-sized enterprises, ĢTV highlights ways threat actors showed their true colors. One of the most unique findings is an emerging trend toward attackers using smaller enterprises as testbeds before deploying similar attacks into larger enterprises.
“We saw that no business or industry is ‘off the table’ for attackers,” said Jamie Levy, Director of Adversary Tactics for ĢTV. “Last year, our inaugural threat report highlighted that attackers attempted to avoid detection by blending in and increasing account takeover tactics like business email compromise. We observed that hackers continue to move covertly, exploiting trusted tools and services and hitting vulnerable industries once considered safe with ransomware attacks.”
Key Takeaways:
- Hackers are Hiding in Plain Sight
- 79% of cloud storage misuse incidents involved Microsoft OneDrive, followed by 18% of incidents involving Google Drive and 3% involving Dropbox, as attackers use these services to distribute malware or exfiltrate data.
- Threat actors are weaponizing off-the-shelf software tools to hide their activity and gain remote access to key systems. Of the tools leveraged for malicious activity, 36% were RMM tools, including 15% of ScreenConnect and 12% of Atera. Additionally, 64% of tools leveraged for malicious remote access were Remote Access Trojans (RATs) due to their ease of installation and leaving little traces on the endpoint.
- Ransomware Threats are Surging
- Late last year, DarkGate ransomware jumped by 880% in the months immediately after the US Department of Justice-led takedown of the Qakbot malware distribution and control network. In fact, several ransomware variants spiked in the months after Qakbot, with Akira spiking 501% and LockBit spiking 102%, showing just how quickly cybercriminals can adapt strains to exploit new targets.
- No Healthcare Target is Sacred
- The days of healthcare being an “untouchable” sector are over. 2023 highlights how healthcare organizations are prime targets for ransomware and business email compromise as attackers find new ways to extract patient data and take critical systems offline.
- Healthcare organizations face a range of cyber threats. In 2023, the top threats against healthcare organizations were 21% Trojans, 14% RATs, and 11% initial access. While some of these threats might initially seem harmless, they often pave the way for more serious issues, such as ransomware.
- The top ransomware variants targeting the healthcare sector were 29% Dharma, 17% DarkGate, and 15% LockBit.
- Business email compromise attacks against healthcare included manipulating mailbox rules, bypassing location settings via VPN or proxy, attacks on MFA, and unauthorized logins. In 2023, 34% of the threats involved malicious mailbox rules in Microsoft 365, and 26% used a VPN or Proxy.
The ĢTV threat research team details their findings in this report, leveraging the same data from the ĢTV Managed Security Platform to provide new and valuable insights that will arm businesses and their MSPs with new ways to mitigate risk and build more cyber resilience.
Additional resources:
- Read part I of the III part series covering ĢTV’ findings
About ĢTV
ĢTV is a leading cybersecurity company focused on protecting and empowering small businesses to mid-sized enterprises. Combining the power of the ĢTV Managed Security Platform with a human-led 24/7 Security Operations Center (SOC), ĢTV provides the top-rated technology, services, education, and expertise needed to help companies overcome cybersecurity challenges and protect critical business assets. For more information about ĢTV, visit www.huntress.com and follow us on , , and .
Contacts:
Valerie Baccei
press@huntresslabs.com
+1 (650) 400-7833