Dark Web Infostealer Lumma Resurges, Targeting VPN Technologies
Nuspire, a leading managed security services provider (MSSP) and PDI Technologies company, today released its Q3 2024 Cyber Threat Report, offering an in-depth analysis of cyber threats over the past quarter. Significant findings in the report include a surge in exploit attempts, a change in ransomware group dominance and shifting trends in dark web behavior.
According to the report, exploit activity increased by over 50%, driven by a sharp rise in attacks against VPN technologies. On the ransomware front, a power shift emerged as RansomHub dethroned LockBit as the top extortion publication group, signaling evolving tactics in the ransomware ecosystem.
“This quarter’s findings highlight a clear shift in how cybercriminals are attacking—particularly their exploitation of VPN vulnerabilities, which organizations often overlook in their broader security strategy,” said J.R. Cunningham, Chief Security Officer at Nuspire. “It’s no longer enough to rely on reactive measures. Businesses must adopt a more preemptive approach, strengthening their remote access controls and continuously assessing potential entry points. The rise of RansomHub also signals that ransomware actors are getting bolder, which calls for more robust incident response capabilities, not just at the technical level, but in how organizations manage the human and financial impact of these attacks.”
Key insights from Nuspire’s Q3 2024 Cyber Threat Report include:
- Exploit Activity:
  - A total of 16,964,624 exploitation events were detected in Q3, marking a 50.96% increase over Q2.
  - Over 60% of these attacks targeted unpatched or outdated systems, focusing on VPN vulnerabilities.
  - The Fortinet FortiOS SSL-VPN vulnerability (CVE-2022-42475) was the most exploited, with a significant uptick in attack attempts.
  - Exploits targeting remote work environments saw a 45% increase, further highlighting the risks posed by hybrid workforces.
- Ransomware Trends:
  - RansomHub ransomware overtook LockBit as the leading ransomware group, with an 8.06% rise in ransomware publications.
  - Nearly 30% of all ransomware-related extortion in Q3 was attributed to RansomHub’s activity.
  - 40% of successful ransomware attacks were initiated through phishing or exploited vulnerabilities.
  - Smaller ransomware groups are adopting more agile tactics to evade law enforcement and detection.
- Dark Web Listings:
  - Dark web activity decreased by 5.41% overall, but the Lumma Stealer infostealer saw a resurgence, with a 12% increase in listings.
  - Demand for compromised VPN and cloud service credentials surged, with listings for these credentials increasing by 15%.
  - High-value targets, particularly in healthcare, financial services and critical infrastructure, were prioritized in dark web transactions.
“Q3 2024 saw a dramatic increase in exploit attempts, underscoring the continued evolution of cybercriminal tactics,” said Craig Robinson, VP of Security Services Research at IDC. “With remote access technologies like VPNs under constant attack, organizations can no longer depend on patch management alone. A comprehensive, forward-looking approach is necessary—one that integrates real-time monitoring, adaptive threat management and advanced solutions like generative AI to accelerate detection and response. As ransomware and dark web threats rise, prioritizing identity security and adopting zero-trust frameworks will be essential for long-term protection.”
To access the complete Q3 2024 Cyber Threat Report and learn more about protecting your organization, visit Nuspire’s website.