Traveler’s recently released its Q4 2024 Cyber Threat Report, which showed that ransomware groups impacted more victims in the last quarter of the year than in any quarter ever.
The report highlights a shift from mass-scale vulnerability exploits to more targeted, repeatable attack methods. This includes exploiting weak VPN and gateway credentials not protected by multifactor authentication (MFA). Travelers’ researchers attribute this trend to a ransomware training playbook leaked in 2023, which encouraged targeting commonly used VPNs with weak credentials.
Additionally, 55 new ransomware groups were identified in 2024—a 67 percent increase from 2023, pointing to a rise in smaller, more agile cybercriminals. The formation of new groups can be attributed to several factors, including law enforcement’s disruption of several well-established Ransomware-as-a-Service (RaaS) platforms like LockBit.
Also, an increase in the targeting of IT services and consulting firms was noted. These entities act as intermediaries for other industries, which can amplify the impact of an attack through their connections to multiple clients
“Based on our observations, it’s clear that basic attack techniques are still highly effective for ransomware groups,” said Jason Rebholz, Vice President and Cyber Risk Officer at Travelers. “These groups have been on the offensive, proactively hunting for targets and having significant success. It’s vital that businesses implement proven security controls, such as MFA, to make it far more challenging for malicious actors to carry out an attack on their organization.”