According to a Nuspire report, ransomware extortion publications rose by 46% compared to Q3, with Clop ransomware emerging as the most active group, surpassing RansomHub.
Clop, known for its double-extortion tactics, leveraged multiple zero-day vulnerabilities throughout Q4, significantly impacting the Professional & Technical Services industry, which remained the most targeted sector.
Additional findings include:
Ransomware trends
- 2,247 ransomware extortion publications were reported, a 46% increase from Q3 2024.
- Clop overtook RansomHub as the most active ransomware group, while Akira, Funksec, and Bashe entered the top five.
- Finance & Insurance emerged as the third-most targeted industry, rising from fifth place in Q3 2024.
Exploit activity
- Exploit attempts increased by 72% compared to Q3 2024, with 29,180,763 exploit events detected.
- Hikvision camera vulnerabilities (CVE-2021-36260) and Bash vulnerabilities (CVE-2014-6271) saw significant increases in exploitation attempts (56% and 77%, respectively).
- Firewall and VPN technologies remain top targets, as cybercriminals seek to bypass perimeter defenses.
Dark web trends
- Dark web marketplace listings decreased by 32% from Q3 2024, with 1,316,660 raw log listings and 590,762 credit card listings available for sale.
- Lumma Stealer, a persistent malware-as-a-service (MaaS) infostealer, continued to thrive, harvesting sensitive data for resale on illicit marketplaces.