Secureworks 2024 Threat Landscape Report

This cybersecurity report provides an in-depth review of threats, attack techniques, and global trends based on research from Secureworks for July 2023 to June 2024. It highlights persistent ransomware activities, law enforcement disruptions, and evolving tactics used by cybercriminals and state-sponsored actors. #QakBot #LockBit

Keypoints

  • The report typically contains sections such as an executive summary, detailed chapters on cybercrime trends, attack techniques, hacktivism, and state-sponsored threats, along with key findings that synthesize the year’s major developments.
  • It presents comprehensive statistics on attack volumes, including the number of ransomware victims, leak site activity, and the prevalence of various malware families—highlighting that despite enforcement efforts, cybercrime ecosystems continue to thrive with high attack frequencies.
  • Key trends include the rise of new ransomware groups, increased use of web shells and vulnerabilities like CVE-2023-4966, and the shift towards affiliate-based operations with frequent rebranding and leak site proliferation to evade law enforcement.
  • The report emphasizes the persistent threat of ransomware, noting shortened dwell times (sometimes under 7 hours), high victim counts on leak sites—peaking at 730 victims in March 2024—and the adaptation of threat actors through tactics like living-off-the-land binaries, obfuscation, and exploiting internet-facing vulnerabilities.
  • It underscores the impact of geopolitical tensions, with state-sponsored activities linked to conflicts in Ukraine, the Middle East, and the South China Sea, often blurring lines with hacktivism and raising concerns about disinformation campaigns around significant events such as elections.
  • Recurring themes reveal that despite law enforcement operations disrupting certain groups like ALPHV/BlackCat and LockBit, the cybercriminal landscape remains dynamic, with new actors emerging and existing groups resorting to strategies like rebranding and affiliate switching to sustain their operations.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)
