Financially motivated cybercrime continues to be the dominant threat in the global cybersecurity landscape, accounting for 55% of active threat groups tracked in 2024, an increase from previous years. This category includes ransomware gangs, which remain a significant concern due to their evolving tactics and operational sophistication. Cybercriminal groups are becoming more complex and diverse, and are increasingly equipped with advanced tools, including artificial intelligence used to conduct more targeted and evasive attacks.
The primary methods threat actors use to gain access to victim environments involve exploiting disclosed vulnerabilities, which accounted for 33% of intrusions globally and 39% in the EMEA region. Other common tactics include the use of stolen or deceptive legitimate credentials (16%), email phishing (14%), web compromises (9%), and revisiting prior compromises (8%). In EMEA, email phishing and brute force attacks are slightly more prevalent.
Once inside, threat actors typically spend an average of 11 days conducting reconnaissance and lateral movement before executing their final attack, a period known as dwell time. This is slightly longer than in 2023 but shorter than in 2022. Notably, dwell times in EMEA are significantly higher, averaging 27 days.
Detection of intrusions often comes from external sources such as ethical hackers, threat intelligence organizations, or even ransomware gangs themselves, accounting for 57% of discoveries, while internal security teams detect the remaining 43%.
While nation-state advanced persistent threat (APT) groups attract considerable attention due to geopolitical factors, they represent only 8% of threat activity, a decline over recent years. Four active APT groups were tracked in 2024, including the notorious APT44 (formerly Sandworm), linked to Russian state interests, and APT45, associated with North Korea.
The rise of infostealer malware and exploitation of Web3 technologies, including cryptocurrencies, are emerging trends within financially motivated cybercrime. The integration of AI technologies further exacerbates these threats by enabling automation and sophistication.
Overall, the cybercrime ecosystem is evolving rapidly, blending traditional cybercriminal activities with state-sponsored tactics and increasingly leveraging AI and automation. Organizations are urged to adopt proactive threat intelligence gathering and implement continuous monitoring and analysis to stay ahead of these complex threats.