Threat Pulse – October 2024
Each month, DigitalXRAID’s Security Operations Centre (SOC) analysts share the top threats affecting businesses globally. Take action to protect your organisation against these prolific threats.
If you’ve been affected by any of these threats, we’re here to help. You can call our Cyber Emergency line any time of the day or night for help with active cyberattacks.
DigitalXRAID’s SOC analysts constantly monitor for zero-day threats and update our signature databases using the largest Open Threat Exchange database available.
Mamba 2FA: Phishing-as-a-Service Platform
In October 2024, a new phishing-as-a-service platform named Mamba 2FA was identified. This service enables adversaries to bypass multi-factor authentication (MFA) on Microsoft 365 accounts, creating significant risks for businesses that rely on cloud services for operations.
By providing a streamlined way to circumvent MFA, Mamba 2FA introduces an urgent need for enhanced security in corporate environments.
BlackCat ransomware group executed data encryption and theft attacks
Healthcare organisations faced escalating cyber threats from advanced persistent threat (APT) groups in October 2024. APT groups, including ransomware operators like BlackCat, targeted healthcare providers with data encryption and theft attacks, pressuring institutions to pay ransoms.
Additionally, advanced DDoS campaigns, such as HTTPS flood attacks, severely disrupted electronic health records (EHR) systems and telehealth services. Amid staffing shortages in healthcare cybersecurity, experts recommended investments in AI-driven threat detection and managed cloud security to mitigate these risks.
Gelsemium exploited vulnerabilities in web applications
The Chinese-linked group Gelsemium exploited vulnerabilities in web applications, particularly to infiltrate specific sectors such as real estate, and deployed malware to maintain access in compromised networks.
Other groups also targeting real estate included Flax Typhoon, which engaged in espionage efforts across various industries. Additionally, the Lazarus Group expanded its focus to the real estate sector as part of broader financially motivated campaigns. This trend highlights the need for stronger cybersecurity practices to protect firms from increasingly sophisticated threats.
LAURIONITE exploited vulnerabilities in Oracle E-Business Suite
In October 2024, LAURIONITE exploited vulnerabilities in Oracle E-Business Suite to conduct reconnaissance and data theft operations while maintaining a low profile. This attack particularly affected manufacturers.
Additionally, PSI Software, a control systems provider, experienced a ransomware attack, significantly disrupting its operations. With outdated systems and minimal cybersecurity protections, the manufacturing sector remains highly vulnerable, underscoring an urgent need for comprehensive cybersecurity upgrades.
Evilnum extended operations beyond Europe and the UK
The group Evilnum extended its operations beyond Europe and the UK, targeting companies in Canada and Australia with spear-phishing campaigns. These attacks particularly affected the finance industry.
Using a malware strain also named Evilnum, the group aims to steal sensitive data such as customer records and financial information. These developments underscore the growing risk to the fintech industry from APT actors employing increasingly sophisticated tactics.
DDoS and infiltration attacks target critical infrastructure
Attackers employed combined DDoS and infiltration methods in October 2024 to disrupt operations and maintain access for espionage or data theft. Public institutions, especially those managing critical infrastructure like energy and water systems, became prime APT targets for these attacks.
DDoS attacks on public-sector targets rose by 163%, illustrating the intensified efforts of cyber actors to overwhelm government defences and exploit critical infrastructure vulnerabilities.
Major sporting events targeted by APT groups
The sports industry faced severe cybersecurity threats in October 2024, with multiple APT groups targeting major events and organisations.
LockBit and Fancy Bear continued their activities in sports, targeting systems that hold sensitive data on athletes, teams, and events. The industry’s unique exposure to nation-state attacks and ransomware has highlighted vulnerabilities in event management, ticketing, and athlete medical records. Experts recommend multi-factor authentication and regular incident response exercises to better prepare sports organisations against APT attacks.
Dragonfly 2.0 campaign shifted from reconnaissance to active infiltration attempts
The Dragonfly group, through its Dragonfly 2.0 campaign, shifted from reconnaissance to actively attempting to infiltrate operational systems in the power grid.
Russian-linked ransomware groups such as Medusa and ALPHV also escalated attacks, notably targeting energy firms in regions like Indonesia. The energy industry’s status as critical infrastructure makes it a prime target for both nation-state actors and cybercriminals seeking to disrupt operations and steal data for extortion.
DigitalXRAID exists to ensure that the bad guys don’t win. We’re driven and motivated to protect customers. Our expertise and unrivalled service means we can take care of your security, whilst you take care of business.
Talk to the team to see how you can start protecting your business against cyberattacks today.