Cybercrime is evolving rapidly, and the KELA 2024 State of Cybercrime Report sheds light on the latest trends, attack tactics, and defensive strategies. If you don’t have time to read the full report, don’t worry—we did it for you. Here’s what you need to know.
1. Infostealers Are Fueling Initial Access Attacks
Key Takeaways:
Over 4.3 million machines were infected by infostealers, accounting for 330 million compromised credentials.
Infostealer malware strains like Lumma, StealC, and Redline accounted for 75% of infections.
Cybercriminals leveraged these stolen credentials for large-scale extortion campaigns, such as the Snowflake attack, which impacted 165 companies.
Recommended Defense Strategies:
✅ Enforce multi-factor authentication (MFA) and rotate privileged credentials frequently.
✅ Implement Zero Trust security to prevent lateral movement.
✅ Regularly test incident response plans for infostealer-related breaches.
2. Ransomware & Extortion Tactics Are Shifting
Key Takeaways:
5,230 ransomware victims were recorded in 2024, marking a 10.5% increase from 2023.
RansomHub became the most active ransomware group with 520+ victims, overtaking LockBit who had approximately 500 victims in 2023.
Cybercriminals are moving toward data theft, supply-chain compromises, and selling stolen data instead of traditional encryption-based ransomware.
Recommended Defense Strategies:
✅ Monitor ransomware-as-a-service (RaaS) platforms for early attack indicators.
✅ Implement network segmentation to limit damage from an attack.
✅ Ensure immutable backups and regularly test disaster recovery plans.
3. Vulnerabilities Remain a Prime Entry Point
Key Takeaways:
Cybercriminals exploit newly disclosed CVEs within weeks of their release.
The most targeted systems included Fortinet’s FortiOS, Microsoft Outlook, and D-Link storage devices.
Recommended Defense Strategies:
✅ Prioritize timely patching and consider virtual patching solutions.
✅ Use threat intelligence feeds to track cybercriminal discussions about new CVEs.
✅ Deploy intrusion detection systems (IDS) to monitor for exploitation attempts.
4. Hacktivist Activity Surged Due to Geopolitical Conflicts
Key Takeaways:
Over 200 new hacktivist groups emerged, conducting 3,500+ DDoS attacks.
Many groups aligned with the Russo-Ukrainian war and Israel-Hamas conflict.
Hacktivists are increasingly collaborating with cybercriminals and using ransomware in attacks.
Recommended Defense Strategies:
✅ Deploy real-time traffic analysis to detect and mitigate DDoS attacks.
✅ Work with cyber threat intelligence (CTI) providers to track emerging hacktivist threats.
✅ Strengthen defenses during politically sensitive events.
Key Takeaways:
Nation-state actors are increasingly using ransomware and cybercrime tools for geopolitical objectives.
Election-related cyber operations targeted the U.S., Taiwan, and India.
Russia, China, Iran, and North Korea ramped up cyber espionage efforts.
Recommended Defense Strategies:
✅ Improve collaboration with government agencies and industry partners for threat intelligence sharing.
✅ Invest in advanced threat-intelligence and behavioral-analysis tools to detect espionage tactics.
✅ Establish joint incident response mechanisms for geopolitical cyber threats.
6. AI Is Introducing New Attack Vectors
Key Takeaways:
Cybercriminals are exploiting AI tools to launch deepfake scams, backdoored AI models, and adversarial attacks.
3 million ChatGPT accounts and 174K Gemini accounts were compromised, exposing sensitive AI-related data.
Recommended Defense Strategies:
✅ Implement strict access controls and monitoring for AI tools.
✅ Deploy AI-based detection to identify deepfake attacks.
✅ Educate employees on prompt injection risks and backdoored AI models.
Final Thoughts: Strengthening Cybersecurity in 2024
The KELA 2024 State of Cybercrime Report highlights the rapid evolution of cyber threats, from infostealers and ransomware to AI-driven attacks and state-sponsored cybercrime. The biggest takeaway? Cybercriminals are adapting faster than ever, and security strategies must evolve accordingly.
Implementing Zero Trust, strong access controls, and proactive threat intelligence will be key in mitigating these risks.
Pomerium as a Solution
Pomerium plays a crucial role by enforcing identity-aware, policy-driven access controls to prevent unauthorized access before a breach can occur.
As cybercriminals refine their tactics, organizations must invest in security strategies that provide continuous verification and context-aware access. The best defense is one that adapts in real time—just like the threats we face.
