Skip to Main ContentSkip to Footer

2024 State of the Threat: A Year in Review

Fortify your defenses by understanding the latest intelligence and top threats facing organizations this year.

2024 State of the Threat

Get the Report

All fields are required.
Access Now
 

The Impact of Cyber Risk in 2024 and Beyond

Cyber risk remains high in 2024, driven by a thriving cybercriminal ecosystem and geopolitical pressures.

This year underscored the resilience of the threat landscape. Despite increased law enforcement efforts and several high-profile takedowns, ransomware remains a significant financial threat, even if the names of the ransomware groups have changed. Geopolitical events in Ukraine, the Middle East, and the South China Sea continue to drive state-sponsored and hacktivist activities, even when some of their techniques and tactics are exposed by Western experts.

Security can never become passive. It requires ongoing vigilance.

Secureworks and our Counter Threat Unit™ (CTU) are committed to arming the security community with the latest intelligence and insights to build security maturity and shore up our global defenses. Throughout the year, Secureworks customers receive the most relevant, up-to-date threat intelligence, ensuring they remain prepared and protected. With global intelligence, the advantage of the Taegis™ XDR platform, and adhering to the fundamentals (e.g., patching, MFA), you too can outpace and outmaneuver the adversary.

Read our complete and comprehensive report to deepen your understanding of the threat landscape with pragmatic recommendations for your business.

30 %

y/y rise in active ransomware threat groups

72%

of initial access vectors in ransomware attacks accounted for by scan-and-exploit and stolen credentials

7 hours

shortest observed ransomware dwell time

 

Global Threat Intelligence Summit 2024

Learn from Secureworks threat experts directly with on-demand recordings and conversations from the 2024 Global Threat Intelligence Summit, where you can engage in even greater insights on today’s most critical threats.

Start watching now

Key Findings: State of the Threat

  • This 70+ page report comprehensively examines cybersecurity events from July 2023 to the end of June 2024. These events reflect the continued evolution of ransomware and other threat tactics, including significant takedowns of core ransomware groups and the subsequent fragmentation and creation of new groups; AiTM and AI as growing threats; and the continued influence of state-sponsored threat groups and hacktivist activity.
  • Based on insights from customer telemetry, incident response, underground monitoring, proactive threat research, and intelligence relationships, CTU™ research observed the following trends in the threat landscape:

March 2024 saw the highest number of ransomware schemes listing victims. Dwell times remain low, with the shortest observed at just under 7 hours.

Scan-and-exploit and stolen credentials remain top IAVs in ransomware attacks, accounting for nearly 72% of known IAVs.

Adversary in the Middle phishing kits are increasingly used to bypass MFA. Using phishing-proof MFA is now vital.

Law enforcement targeting of ransomware groups caused disruption and fragmentation, prompting new threat actor behaviors.

Hacktivists continue to conduct denial of service or web site defacement campaigns against organizations linked to conflict zones.

State-sponsored threat groups use obfuscation networks, LOTL techniques, and commodity tools to frustrate detection and attribution.

Defense basics (MFA, patching, XDR) remain key. One or more were absent in >50% of Secureworks incident response engagements.

AI lends efficiency more than complexity for cybercriminals, boosting the volume and impact of cyberattacks.

What Informs Secureworks State of the Threat

The Secureworks view of the threat landscape comes from a combination of telemetry from the Taegis platform; incident response and Secureworks Adversary Group customer engagements; privileged source intelligence and industry relationships; dark web surveillance; and technical and tactical research conducted by the CTU, including extensive use of botnet emulations.

Download the report now for a detailed visualization of the threat landscape and actionable, pragmatic advice on how to secure your most valuable business assets.

5 Trillion+

event logs processed by Taegis every week of the year

50K

investigations a year via Incident Response and the Taegis platform

Unique

botnet emulation capabilities, giving us a threat actor’s eye view of the threat landscape