According to one cybersecurity firm’s September 2024 incident data, a 10% drop month-on-month is just a part of normal threat volatility
A cybersecurity firm’s cyber incident metrics for Sep 2024 point to several threat trends observed that month across its global customer base.
First, the number of ransomware attacks encountered (407) decreased both month-on-month (450 in Aug 2024) and year-on-year (514 in Sep 2023).
Second, Ransomhub retained the top position in the firm’s protection platform as the most active threat actor for the month, with 74 attacks, up by 3% from the previous month’s 72 incidents. Other high-ranking threat groups for the month were Play (43 attacks), Medusa (23 attacks) and Qilin (23 attacks). One incident led to the theft of 487 GB of sensitive data, including business documents, banking records, and internal communications. After failed ransom negotiations, the threat group threatened to leak the data on the Dark Web.
Other findings for Sep 2024
Third, the data showed that North America remained the most targeted region (233 attacks, 57% of the global total), followed by:
- Europe (94 attacks, down from 125 the previous month)
- Asia (46 attacks, up from 43 the previous month)
- South America (21 attacks, unchanged from August)
- Oceania (8 attacks, down from 15 in August)
- Africa (5 attacks, down from 13 in August)
Finally, the Industrials sector remained the most targeted sector (26% of all attacks in September), followed by the Consumer Discretionary sector with 89 attacks, and the Information Technology sector, with 51 attacks.
According to Matt Hull, Head of Threat Intelligence, NCC Group, the firm that publicized its monthly threat data: “Despite a small drop in ransomware victims in September, organizations must stay vigilant. The ransomware threat landscape has been continually volatile throughout 2024, with the number of victims rising and falling month on month. We must also be aware that fueling the ransomware (landscape) is a network of access brokers and info-stealing malware… so organizations should ensure that fundamental security practices around password management, endpoint security and multi-factor authentication are in place and effective.”