Spearphishing attacks with links and attachments increased in Q3 2024, accounting for 46% of security incidents, ReliaQuest’s Top Cyber Attacker Techniques report has revealed.
Initial access methods like spear phishing were the most common MITRE ATT&CK techniques last quarter and have remained so in Q3 2024. According to ReliaQuest, high employee turnover and the accessibility of phishing kits on cybercriminal forums are driving the persistence of these attacks.
“Even if employees are properly trained to recognize the signs of phishing, the constant influx of untrained new hires creates opportunities for cybercriminals,” the report said. “Despite the importance of employee training, sometimes it just isn’t enough,” it continued.
Top Malware Variants
SocGholish and MummaC2 remained the top two malware variants in Q3 2024, appearing in 18% and 14% of cases respectively.
LummaC2 is a sophisticated infostealer primarily distributed through phishing attacks and fake software updates. It is available to cybercriminals through malware-as-a-service (MaaS_ business models and involves obfuscating PowerShell, which downloads and executes payloads using living-off-the-land binaries (LOLbins) such as mshta.exe and Dllhost.exe.
SocGholish, however, poses as a browser update, targeting high-ranking websites to appear legitimate and ultimately increase download success rates.
Top Ransomware Gangs
Despite showing reduced activity after a law enforcement crackdown earlier this year, LockBit was the fourth most active ransomware gang in Q3 2024. According to Reliaquest, RansomHub, a relatively new group, has compensated for LockBit’s slowdown, targeting 232 organizations in Q3 2024, up 130% from the previous quarter.
RansomHub has grown increasingly popular due to its ransomware-as-a-service (RaaS) program, which allows affiliates to keep up to 90% of profits, significantly more than other programs. This model is particularly attractive for former LockBit and ALPHV affiliates left out In the cold following the respective slowdown and disbandment of the two groups.
Cloud Vulnerabilities Rise
The ReliaQuest report also reveals that cloud-based security threats surged by 20% in Q3 2024. Attackers are increasingly exploiting compromised cloud accounts, taking advantage of the expanding use of cloud services. These incidents often lead to cryptocurrency mining, data theft, and account breaches. The report warns that attackers can escalate privileges within cloud environments, enabling lateral movement and further exploitation.
Insider Threats Intensify
The report also highlights a 7% increase in insider threat activity, with cybercriminals offering lucrative payouts for insider assistance. For example, on forums like BreachForums, insiders with access to major U.S. telecom companies were offered up to $10,000 weekly. Motivations range from financial gain to revenge after job loss, making insider threats a growing concern for businesses across industries.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.