Quarterly cybersecurity threat update: Apr 2024

Some notable changes and alarming new patterns have emerged in the cybersecurity sector in the first three months of 2024.

The ransomware landscape has undergone some major shifts, with several large-scale operations being interrupted by government interventions. Phishing attacks remain as prevalent as ever, increasing in sophistication. In January one of the largest data breaches of all time was discovered, exposing 26 billion records online.

Significant cyberthreats this quarter

Ransomware

This quarter has seen notable changes in the ransomware landscape, a frequent topic in our threat reports. There looks to have been a decrease in confirmed attacks in Q1 of 2024 compared to Q4 of 2023. 

LockBit, a Ransomware-as-a-Service group that was responsible for 25% of global ransomware attacks (and featured in our previous threat report), faced a disruption in its activities thanks to Operation Cronos, led by the UK’s National Crime Agency. Unfortunately, this seems to have been only a brief pause before the group resumed its operations.

Another ransomware group, known as ALPHV / BlackCat, announced its shutdown after an alleged $22 million ransom was paid by Change Healthcare. The affiliates behind the attack claim they were not paid their share of the ransom and still have access to sensitive data. This case illustrates the wider implications for the Ransomware-as-a-Service sector and the challenges in trusting cybercriminals.

Related news articles

NCA announces LockBit service disruption: The National Crime Agency successfully disrupted LockBit, taking control of their services and infrastructure. 

LockBit back online: Ransomware group LockBit seems to have made a comeback, flaunting new encryption tools, updated infrastructure and fresh data leak and negotiation platforms. 

BlackCat taken down by authorities or exit scam: implosion of the BlackCat ransomware group after an alleged $22 million payment by Change Healthcare. 

The Big Issue Group hit by ransomware: The newspaper and social business was hit by the Qilin ransomware gang, who stole 550GB of corporate data and leaked the CEO’s passport and banking details.

Phishing

Phishing attacks have continued to become more sophisticated this quarter, and their delivery methods are evolving with technology. Where phishing was previously confined to email or mobile, scammers now exploit the interconnectedness of platforms to reach new victims: Microsoft Teams has been targeted for phishing attacks; QR codes, seemingly harmless, are used to obscure malicious links; and even SMS is increasingly used for phishing – or “smishing” – attacks. These new methods, coupled with increasing sophistication and personalisation, make modern phishing scams harder to spot.

Cybercriminals are now taking advantage of Phishing-as-a-Service systems and artificial intelligence to launch more effective cyberattacks. Some Phishing-as-a-Service systems can bypass security features such as two-factor authentication and quickly spread phishing links. The fact that these advanced phishing campaigns can be launched by people without technical skills shows how the threat landscape is changing.

Adopting multi-factor authentication, using complex passwords, deploying a robust email filtering solution and running effective cyber awareness training are vital defensive measures against phishing attacks.

Related news articles

Tycoon Group: Phishing-as-a-Service system poses a significant cybersecurity threat. Vigilance, education, and defensive strategies are crucial. 

Unveiling the AI Threat: Trustwave Spider Labs exposes the rise of AI in BEC (Business Email Compromise) and phishing attacks. 

QR Codes: QR codes are increasingly used in phishing emails (‘quishing’). While most public QR codes are safe, caution is advised, especially with emails. 

Software vulnerabilities

Software vulnerabilities are flaws or weaknesses in a software program that could be exploited to cause harm to individuals or businesses. In the first three months of 2023, over 6,600 software vulnerabilities were publicly disclosed; in the same period of 2024, around 8,700 were disclosed. This represents a significant increase, reflecting the growing complexity of and challenges in cybersecurity, and highlights the importance of ensuring software updates are installed promptly.

Related news articles

Apple and Google Software Updates: The first zero-day flaws patched by Apple and Google in 2024, alongside updates from Microsoft, Mozilla, Cisco, and SAP to address various security vulnerabilities. 

Ivanti Connect Secure: NCSC warns of a major software vulnerability in Ivanti’s Connect Secure and Policy Secure products.

Microsoft Software Patches: Microsoft patched 73 bugs, including two zero-days exploited by ransomware groups, affecting Office, Exchange and Dynamics 365. 

Emerging threats

macOS malware

Some new types of macOS malware have appeared on underground marketplaces in recent months. Most of these are information stealers that can access passwords, cookies and credit card details stored on macOS devices. AMOS (one of the malware variants) appears to have been distributed through SEO (Search Engine Optimisation) poisoning. macOS stealers are becoming more popular and advanced in the malware ecosystem. Information stealers usually target Windows-based operating systems, so the rise of macOS stealers in the cybercrime ecosystem has created new income opportunities for cybercriminals.

Related news articles

Atomic macOS Stealer Update: New Atomic Stealer malware variant harder to detect in macOS. 

Malware Evolution: macOS infostealing malware outpaces Apple’s XProtect, with variants like KeySteal and Atomic Stealer stealing sensitive data despite updates. 

Malware Advertisements: macOS users targeted by stealer malware via fake ads and websites, aiming to harvest sensitive data. 

Data breaches

A massive data leak of 26 billion records was exposed in January 2024. This data breach has been dubbed The Mother Of All Breaches due to its enormity, and contained 12 terabytes of user data from 3,876 domains. The breach affected popular websites such as LinkedIn, Twitter/X, Adobe, MySpace and Weibo, as well as government agencies from around the world. This recent breach underscores the importance of good cyber hygiene to protect data from future breaches: using strong, unique passwords, not reusing the same password across different accounts, enabling multi-factor authentication, and using a dark web monitoring solution to notify you of any of your data leaked on the dark web.

Related news articles

Mother of all Breaches: The “Mother of All Breaches” exposed over 26 billion records from various platforms, marking one of the largest data leaks ever. 

NHS Dumfries and Galloway: NHS Dumfries and Galloway suffered a cyberattack, leading to patient data leaks; services continue while the Board, police and NCSC are assessing the impact and contacting affected patients. 

Misconfigured Firebase: 900 websites exposed sensitive data, including 125 million user records, due to misconfigured security settings.

Security Tips and Recommendations

• Install security patches and updates as soon as they become available.
• Use unique and complex passwords for all accounts, and implement two-factor authentication whenever possible.
• Never click on suspicious links or open unexpected attachments. Be wary of emails claiming to be from legitimate sources, even if they appear credible.
• Regularly back up your important data to a secure location to minimise the impact of a ransomware attack.
• Stay informed: Keep yourself updated on current cybersecurity threats and best practices. Consider subscribing to reputable security blogs or newsletters.
• Get a clear picture of any vulnerabilities with a cybersecurity audit of your systems.

Remember, even basic cybersecurity awareness can significantly improve your defence against cyberthreats. By adopting these simple practices and staying informed, you can proactively protect yourself and your data in the ever-evolving digital landscape.

Additional Resources

National Cyber Security Centre (NCSC)

Get Safe Online

SANS Cyber Security Newsletters

Graham Cluley Security Blog

SentinelOne Blog
