Global cybercrime continues to be a growing threat, with projections indicating a steady increase in cyberattacks over the next five years. In an effort to pinpoint the most pressing cybersecurity risks in the first half of 2024, the Critical Start Cyber Research Unit (CRU) conducted an analysis of 3,438 high and critical alerts from 20 supported EDR solutions, as well as 4,602 reports detailing ransomware and database leak incidents across 24 industries in 126 countries.
The findings of the analysis revealed a troubling pattern of cyberattacks targeting specific sectors, with key insights including:
- Manufacturing and Industrial Products: This industry emerged as the top target for cyber threat actors in the first half of 2024, with 377 confirmed reports of ransomware and database leak incidents.
- Professional Services: Reports of database leaks and ransomware attacks in this sector increased by 15% compared to 2023, with legal services organizations and supply chains being prime targets due to the sensitive data they handle.
- Healthcare & Life Sciences: Incidents of ransomware and database leaks surged by 180% in February 2024 compared to the same period in 2023, with notable attacks on healthcare providers like Change Healthcare.
- Engineering and Construction: These industries continued to experience consistent cyberattacks in the first half of both 2023 and 2024, with the United States bearing the brunt of attacks in 2024.
- Technology: While there was a slight decrease in database leaks and ransomware attacks targeting technology companies, the sector remained vulnerable to cyber threats.
Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start, expressed concern about the ransomware threat landscape in the first half of 2024, emphasizing the need for organizations to bolster their security measures. Guenther highlighted the importance of implementing Managed Detection and Response (MDR) solutions that integrate various security measures to proactively mitigate risks and fortify the security infrastructure.
In addition to these sector-specific insights, the report also underscored emerging concerns for businesses, including:
- BEC Attacks: Business Email Compromise (BEC) scammers are shifting their focus from large corporations to smaller businesses with weaker cybersecurity defenses.
- Deepfakes and Social Engineering: There has been a significant increase in deepfake attacks, with a staggering 3,000% rise in deepfake fraud attempts.
- Abuse of Open-Source Repositories: Attackers are leveraging open-source repositories to launch repo confusion attacks and supply chain attacks, posing a growing threat to organizations.
Overall, the findings of the report paint a sobering picture of the evolving cybersecurity landscape in 2024, underscoring the need for businesses to prioritize cybersecurity measures and stay vigilant against emerging threats. As cybercriminals become more sophisticated, organizations must adapt and strengthen their security posture to mitigate risks and safeguard sensitive data.