In the year 2023, we saw some very interesting cyber attacks occur in different industries that caught a majority of our attention, but to outline the top 3 threats on your list of radar for 2024, and continue to do so as we work our way to the second quarter of the year are LockBit, Cl0p and ALPHAV as they are the top 3 RaaS group.

These threat actors started at the beginning of the year, attacking hospitality and healthcare. But it's not long before, similar to eat actor Midnight Blizzard to incorporate LLM-based phishing attacks, malware, advanced privilege of escalation etc.

LockBit, Clop, and BlackCat emerged as prominent ransomware groups exerting significant influence over the cyber realm during the initial half of 2023, particularly targeting large organizations. Notably, a June 2023 report highlighted LockBit’s prevalence, attributing one in every six ransomware attacks against US government offices in 2022 to LockBit actors.

In January 2023, BlackCat actors made headlines for their sophisticated triple-extortion techniques, directing their focus towards NextGen Healthcare, a leading health IT solutions provider. Meanwhile, on January 31, 2023, a widespread ransomware assault targeted numerous organizations utilizing Fortra’s GoAnywhere file transfer software by exploiting a vulnerability. In this orchestrated attack, Clop actors claimed responsibility for compromising 130 organizations, among them the City of Toronto and the Community Health Systems (CHS), comprising 80 hospitals.

Disturbingly, the breach resulted in the unauthorized access and exfiltration of “personal and protected health information of up to 1 million patients.” Clop’s tactics have garnered a reputation for their viral nature, boasting claims of compromising thousands of companies globally. Their adeptness at exploiting file transfer solutions, including Accellion, Solarwinds, GoAnywhere, Papercut, and, most recently, MOVEit, has contributed to their widespread impact and success in infiltrating organizations worldwide.

Stay updated on the latest on threat actors with me as we keep a close eye on them.