Huntress Releases 2024 Cyber Threat Report

May 22, 2024

Huntress Releases 2024 Cyber Threat Report, Highlights Increased Targeting of Healthcare and Other Vital Industries

Huntress' threat intelligence team delivers insider insights on adversary tactics defining the industry and emerging threats 

COLUMBIA, MD - May 22, 2024 - Huntress unveiled its 2024 Cyber Threat Report today. Delivering insightful reporting on emerging cyber threats and tradecraft targeting small businesses and mid-sized enterprises, Huntress highlights ways threat actors showed their true colors. One of the most unique findings is an emerging trend toward attackers using smaller enterprises as testbeds before deploying similar attacks into larger enterprises. 

“We saw that no business or industry is ‘off the table’ for attackers,” said Jamie Levy, Director of Adversary Tactics for Huntress. “Last year, our inaugural threat report highlighted that attackers attempted to avoid detection by blending in and increasing account takeover tactics like business email compromise. We observed that hackers continue to move covertly, exploiting trusted tools and services and hitting vulnerable industries once considered safe with ransomware attacks.”

Key Takeaways:

  • Hackers are Hiding in Plain Sight
    • 79% of cloud storage misuse incidents involved Microsoft OneDrive, followed by 18% of incidents involving Google Drive and 3% involving Dropbox, as attackers use these services to distribute malware or exfiltrate data. 
    • Threat actors are weaponizing off-the-shelf software tools to hide their activity and gain remote access to key systems. Of the tools leveraged for malicious activity, 36% were RMM tools, including ScreenConnect at 15% and Atera at 12%. Additionally, 64% of tools leveraged for malicious remote access were Remote Access Trojans (RATs), due to their ease of installation and the few traces they leave on the endpoint. 
  • Ransomware Threats are Surging
    • Late last year, DarkGate ransomware jumped by 880% in the months immediately after the US Department of Justice-led takedown of the Qakbot malware distribution and control network. In fact, several ransomware variants spiked in the months after Qakbot, with Akira spiking 501% and LockBit spiking 102%, showing just how quickly cybercriminals can adapt strains to exploit new targets.
  • No Healthcare Target is Sacred
    • The days of healthcare being an “untouchable” sector are over. 2023 highlights how healthcare organizations are prime targets for ransomware and business email compromise as attackers find new ways to extract patient data and take critical systems offline. 
    • Healthcare organizations face a range of cyber threats. In 2023, the top threats against healthcare organizations were 21% Trojans, 14% RATs, and 11% initial access. While some of these threats might initially seem harmless, they often pave the way for more serious issues, such as ransomware.
    • The top ransomware variants targeting the healthcare sector were 29% Dharma, 17% DarkGate, and 15% LockBit. 
    • Business email compromise attacks against healthcare included manipulating mailbox rules, bypassing location settings via VPN or proxy, attacks on MFA, and unauthorized logins. In 2023, 34% of the threats involved malicious mailbox rules in Microsoft 365, and 26% used a VPN or Proxy.

The Huntress threat research team details their findings in this report, leveraging the same data from the Huntress Managed Security Platform to provide new and valuable insights that will arm businesses and their MSPs with new ways to mitigate risk and build more cyber resilience.

Additional resources: 

  • Read part I of the III part series covering Huntress’ findings

About Huntress

Huntress is the enterprise-grade, people-powered cybersecurity solution for all businesses, not just the 1%. With fully owned technology developed by and for its industry-defining team of security analysts, engineers, and researchers, Huntress elevates underresourced tech teams whether they work within outsourced environments (OIS) or in-house IT and security teams (IIS). The 24/7 industry-leading Huntress Security Operations Center (SOC) covers cyber threats for OIS and IIS through remediation with a false-positive rate of less than 1%. With a mission to break down barriers to enterprise-level security and always give back more than it takes, Huntress is often the first to respond to major hacks and threats while protecting its partners, and shares tradecraft analysis and threat advisories with the community as they happen. As long as hackers keep hacking, Huntress keeps hunting. Join the hunt at www.huntress.com and follow us on X, Instagram, Facebook, and LinkedIn.

The fully managed security platform that combines endpoint detection and response, Microsoft 365 identity protection, a predictably affordable SIEM and science-based security awareness training. Powered by custom-built enterprise technology for mid-market enterprises, small businesses, and the MSPs that support them and delivered by unrivaled industry analysts in our 24/7 Security Operations Center.

Contact:

Valerie Baccei

press@huntresslabs.com

+1 (650) 400-7833
