Threat Landscape Overview
The threat landscape for September did not deviate significantly from the patterns observed in August. RansomHub continues to dominate, again accounting for the highest number of cyber attacks in September. While nation-state actors from Russia, North Korea and China remain active, their tactics have largely followed familiar patterns, including the use of living-off-the-land techniques to blend in with legitimate operations. This report summarises key observations on the cyber threat landscape for the month of September, highlighting both recurring issues and newly identified vulnerabilities.
Threat Actor Activity Overview
For those familiar with our previous reports, it has been evident that the LockBit gang has been responsible for the majority of cyberattacks over the past two years. However, recent developments over the last three months have seen their operations significantly disrupted by coordinated law enforcement efforts across the globe. Despite this disruption, the vacuum left by LockBit has not lasted long.
As we approach the end of the year, we have compiled a list of the most prolific threat actors of 2024. Notably, RansomHub has shown a marked increase in attacks, steadily expanding its reach across various industries. This trend follows on from last month’s report, underscoring the group’s growing prominence in the cyber landscape. Other notable actors include LockBit Gang, Play Ransomware Group, and BlackBasta, each displaying varying levels of activity throughout the year. These patterns highlight the evolving tactics and persistence of ransomware groups, reinforcing the need for vigilance and robust defences.
The most prolific threat actors of the year to date:
The following graph highlights the industries most frequently targeted by threat actors over the past six months. These incidents have occurred on a global scale, with attribution linked to various cybercriminal groups. Building on the year-to-date analysis, the following chart highlights the top ten most prolific threat actors for the month of September:
The Most Targeted Countries
The global cyber threat landscape, as illustrated in the heatmap below, reflects a complex interplay of geopolitical factors, regulatory environments, economic wealth, and the influence of hacktivism. These elements contribute to the varying intensities of cyber-attacks across regions.
Countries such as the United States, Canada, Germany, and the United Kingdom experience high attack levels due to their significant geopolitical influence, making them attractive targets for nation-state actors seeking strategic advantages. Their wealth and advanced digital infrastructures also expose them to cybercriminals who see these nations as prime sources of valuable data and resources.
We will continue to analyse and gather data on cyber threats to deepen our understanding of their evolving nature. The key takeaway is that, while cyber threats are inherently global, their impact varies by region, with each area facing unique levels of risk. Recognising these patterns is essential for targeted cybersecurity efforts, enabling organisations and governments to strategically allocate resources where they are most needed to mitigate threats effectively.

Victim Industries
The following graph highlights the industries that are frequently targeted by threat actors over the year to date. These incidents have occurred on a global scale, with attribution linked to various cybercriminal groups.

Top 10 most exploited vulnerabilities in October 2024
Outlined below are the key vulnerabilities reported to be actively exploited in the wild throughout October. It is crucial to note that patches for these vulnerabilities have already been issued by the respective vendors. To mitigate risks, organisations must prioritise applying these updates promptly and ensuring all systems remain up to date. Regular patch management plays an essential role in safeguarding against potential threats and minimising the attack surface.

Conclusion
As cyber threats continue to evolve, it’s clear that organisations must stay vigilant and adaptable. While existing threats such as ransomware remain dominant, the landscape is becoming more complex with the rise of new, sophisticated attack vectors. Evolving threats like deepfake technology, infostealers, and vulnerabilities in IoT devices highlight the increasingly diverse tactics used by cybercriminals. These emerging challenges require proactive security measures and ongoing vigilance to safeguard critical infrastructure and sensitive data.