The latest Global Threat Intelligence Report (GTIR) from Flashpoint finds that threat actors compromised over 3.2 billion credentials in 2024, a 33 percent increase from the year before.
Of these 75 percent or 2.1 billion, were sourced from information stealing malware, a dangerous new twist on an older threat that has infected over 23 million devices worldwide.
The report is based on analysis of 3.6 petabytes of data, drawn from various external sources including official reports, ransomware blogs and Freedom of Information requests. It identifies a 10 percent increase in ransomware attacks across all sectors in 2024, following a tremendous 84 percent increase from the previous year. In addition, the five most prolific ransomware-as-a-service (RaaS) groups — Lockbit, Ransomhub, Akira, Play, and Qilin — were responsible for over 47 percent of 2024’s reported attacks. Data breaches saw a year-on-year increase of approximately six percent. All of this highlights the need for organizations to maintain strong defenses and incident response plans.
Josh Lefkowitz, Flashpoint CEO, says, “Organizations are facing an unprecedented barrage of sophisticated threats that are more complex, interconnected, and higher-stakes than ever before. From the rapid proliferation of information stealing malware — a gold mine for threat actors — to the exploitation of vulnerabilities, and the rise of ransomware attacks and data breaches, the threat landscape is evolving at a breakneck pace.”
The US accounts for more than 63 percent of the global data breach total (6,670), reporting
4,260 breaches — a 12 percent increase compared to 2023. The next most affected countries lag some way behind with the UK on 270 breaches and Canada on 238.
The professional, scientific and technical services sector saw the most breaches accounting for 15.9 percent, followed by healthcare and social assistance on 14.8 percent, and finance and insurance on 14 percent.
Over 73 percent of all 2024 breach events stemmed from an unwanted outsider gaining access. The highest number of records lost in this manner was 2.6 billion, when a US-based background check company failed to secure its database containing names, addresses, emails, and social security numbers, which were then listed for sale on illicit marketplaces.
You can get the full report from the Flashpoint site.
Image credit: Syda_Productions/depositphotos.com
