Skip to navigation Skip to main content Skip to footer

NCC Group Monthly Threat Pulse – Review of September 2024

24 October 2024

Ransomware attacks down month-on-month

  • Total ransomware cases in September were 10% lower month over month, at 407 attacks.
  • Ransomhub maintains top position, responsible for 28% of attacks by the top 10 threat actors.
  • Industrials remain most targeted sector, accounting for 26% of attacks.
  • North America and Europe accounted for 80% of all cases globally.

September 2024 – Over this monthly period, global levels of ransomware attacks decreased both month-on-month, and year-on-year. There was a total of 407 attacks across the month, according to NCC Group’s September Threat Pulse, a drop from August’s figures of 450 and September 2023’s figures of 514. 

Ransomhub maintains dominance

Ransomhub retained the top position as the most active threat actor this month with 74 attacks, up by 3% from the previous month’s 72 incidents. One significant attack in September targeted Kawasaki, with the group stealing 487 GB of sensitive data. This included business documents, banking records, and internal communications. After failed auctions, they threatened to leak the data on the dark web.

Play secured second position with 43 attacks, followed by Medusa in third with 26 attacks, and Qilin in fourth with 23 attacks. 


80% of attacks strike North America and Europe

North America remained the most targeted region, accounting for 57% of total global attacks (233). Europe followed with 23% of attacks (94), a noteworthy drop from 125 in August.

Asia faced a modest rise, with attacks climbing from 43 in August to 46 in September, and South America remained the same with 21 attacks. Attacks in Oceania dropped from 15 to 8 between August and September, with Africa also experiencing a significant decline in attacks, going from 13 to 5. 


Industrials remains the prime target 

The Industrials sector remained the most targeted sector. Accounting for 26% (103) of attacks in September, these figures reflect the continued interest by threat actors in targeting Critical National Infrastructure (CNI). Following closely behind is Consumer Discretionary with 89 attacks, and in third position, Information Technology with 51 attacks. 


Ransomware Spotlight: Cicada3301’S assault on VMware ESXi servers

In recent months, there has been a sharp rise in cyber threats targeting virtualised environments, exposing vulnerabilities in critical organisational networks. As more enterprises adopt virtualisation for scalability and flexibility, these infrastructures have become prime targets for attackers. A new ransomware variant, Cicada3301, is taking advantage of weaknesses in VMware ESXi servers, which are essential to organisations relying on virtual machines.

This highlights the critical need for robust security measures in virtualised environments, such as strong antivirus software, to allow organisations to mitigate the risks posed by sophisticated ransomware like Cicada3301.


Matt Hull, Head of Threat Intelligence at NCC Group, said:

"Despite a small drop in ransomware victims in September, organisations must stay vigilant. The ransomware threat landscape has been continually volatile throughout 2024, with the number of victims rising and falling month on month.

As the Industrials sector continues to be the most targeted, it’s essential that organisations operating in this space are mindful of the continued threat. Due to the significant impact on organisations that rely on ‘up-time’, and those that hold large amounts of Intellectual Property (IP) or Personally Identifiable Information (PII), cyber criminals will maintain their level of focus as they seek maximum ‘bang for their buck’.

We must also be aware that fuelling the Ransomware ecosystem is a network off access brokers and info-stealing malware. We have noted an increase in the volume of both, so organisations should ensure that fundamental security practices around password management, end point security, and Multi Factor Authentication are in place and effective.

 

About NCC Group:

NCC Group is a people-powered, tech-enabled global cyber security and software escrow business.
 
Driven by a collective purpose to create a more secure digital future, c2,000 colleagues across Europe, North America, and Asia Pacific harness their collective insight, intelligence, and innovation to deliver cyber resilience for over 14,000 clients across the public and private sector.
 
With decades of experience and a rich heritage, NCC Group is committed to developing sustainable solutions that continue to meet clients’ current and future cyber security challenges.
 

Back to NCC Group homepage

Contact

NCC Group Press Office

All media enquires relating to NCC Group plc.

press@nccgroup.com

+44 7721577574