Dark Web Infostealer Lumma Resurges, Targeting VPN Technologies
COMMERCE, MICHIGAN, October 29, 2024 (PR Newsire) – Nuspire, a leading managed security services provider (MSSP) and PDI Technologies company, today released its Q3 2024 Cyber Threat Report, offering an in-depth analysis of cyber threats over the past quarter. Significant findings in the report include a surge in exploit attempts, a change in ransomware group dominance, and shifting trends in dark web behavior.
According to the report, exploit activity increased by over 50%, driven by a sharp rise in attacks against VPN technologies. On the ransomware front, a power shift emerged as RansomHub dethroned LockBit as the top extortion publication group, signaling evolving tactics in the ransomware ecosystem.
“This quarter’s findings highlight a clear shift in how cybercriminals are attacking—particularly their exploitation of VPN vulnerabilities, which organizations often overlook in their broader security strategy,” said J.R. Cunningham, Chief Security Officer at Nuspire. “It’s no longer enough to rely on reactive measures. Businesses must adopt a more preemptive approach, strengthening their remote access controls and continuously assessing potential entry points. The rise of RansomHub also signals that ransomware actors are getting bolder, which calls for more robust incident response capabilities, not just at the technical level, but in how organizations manage the human and financial impact of these attacks.”
Key Insights from Nuspire’s Q3 2024 Cyber Threat Report
- Exploit Activity:
- A total of 16,964,624 exploitation events were detected in Q3, marking a 50.96% increase over Q2.
- Over 60% of these attacks targeted unpatched or outdated systems, focusing on VPN vulnerabilities.
- The Fortinet FortiOS SSL-VPN vulnerability (CVE-2022-42475) was the most exploited, with a significant uptick in attack attempts.
- Exploits targeting remote work environments saw a 45% increase, further highlighting the risks posed by hybrid workforces.
- Ransomware Trends:
- RansomHub ransomware overtook LockBit as the leading ransomware group, with an 8.06% rise in ransomware publications.
- Nearly 30% of all ransomware-related extortion in Q3 was attributed to RansomHub’s activity.
- 40% of successful ransomware attacks were initiated through phishing or exploited vulnerabilities.
- Smaller ransomware groups are adopting more agile tactics to evade law enforcement and detection.
- Dark Web Listings:
- Dark web activity decreased by 5.41% overall, but the Lumma Stealer infostealer saw a resurgence, with a 12% increase in listings.
- Demand for compromised VPN and cloud service credentials surged, with listings for these credentials increasing by 15%.
- High-value targets, particularly in healthcare, financial services, and critical infrastructure, were prioritized in dark web transactions.
“Q3 2024 saw a dramatic increase in exploit attempts, underscoring the continued evolution of cybercriminal tactics,” said Craig Robinson, VP of Security Services Research at IDC. “With remote access technologies like VPNs under constant attack, organizations can no longer depend on patch management alone. A comprehensive, forward-looking approach is necessary—one that integrates real-time monitoring, adaptive threat management, and advanced solutions like generative AI to accelerate detection and response. As ransomware and dark web threats rise, prioritizing identity security and adopting zero-trust frameworks will be essential for long-term protection.”
To access the complete Q3 2024 Cyber Threat Report and learn more about protecting your organization, visit Nuspire’s website.
About Nuspire
With over 25 years of expertise, Nuspire, a PDI Technologies company, is redefining cybersecurity through intelligent unification and unparalleled protection. Our company delivers innovative managed security services (MSS), managed detection and response (MDR), endpoint detection and response (EDR), and consulting solutions tailored to clients’ needs. Our technology-agnostic platform provides holistic visibility across entire security tech stacks, seamlessly integrating human expertise, advanced AI, and cutting-edge technologies. This comprehensive approach offers unprecedented control and predictive intelligence across clients’ cybersecurity infrastructure. With features like an AI-powered assistant for streamlined operations and a mobile application for on-the-go threat management, we empower organizations to confidently navigate the evolving threat landscape. Driven by uncompromising excellence, our experts and 24×7 SOCs enable clients to stay ahead of emerging threats while optimizing their security investments. For more information, visit Nuspire’s website.
For more information, visit Nuspire’s website and follow the company on LinkedIn @Nuspire.
About PDI Technologies
With 40 years of industry leadership, PDI Technologies, Inc. resides at the intersection of productivity and sales growth, delivering powerful solutions that serve as the backbone of the convenience retail and petroleum wholesale ecosystem, as well as other specialty retail and restaurant environments like quick-service restaurants (QSRs), fast casual dining, and more. By “Connecting Convenience” across the globe, we empower businesses to increase productivity, make informed decisions, and engage faster with their customers. From large-scale ERP and logistics operations to loyalty programs and cybersecurity, we’re simplifying the industry supply chain for whatever comes next. Today, we serve over 200,000 locations worldwide with solutions like the Fuel Rewards® program and GasBuddy®, two popular brands representing more than 30 million users. Visit the PDI Technologies website.
For more information, contact: Francie Dudrey, Francie.dudrey@nuspire.com