Exploits, Access, Extortion: Know Your Enemy in 2024 and… | Intel 471 Skip to content

Exploits, Access, Extortion: Know Your Enemy in 2024 and Beyond

May 06, 2024
Homepage Hero

Arm Yourself with Knowledge in The 471 Cyber Threat Report 2024

It’s time to arm yourself against cybercrime with the Intel 471 Cyber Threat Report 2024, our comprehensive cyber threat intelligence (CTI) analysis of threat actor activity and techniques from January 2023 to March 2024. We also look at the varied motivations of hacktivist groups, ransomware gangs, and initial access brokers (IABs), and highlight emerging trends to help you stay ahead of a rapidly changing threat landscape.

In the past year, law enforcement agencies have notched significant wins against major ransomware-as-a-service (RaaS) operators, disrupting ALPHV aka BlackCat in December 2023 and LockBit in February 2024. These, however, occurred at the end of a year in which reported ransomware attacks almost doubled to 4,429. LockBit was again the most prevalent ransomware variant, impacting 981 victims, followed by ALPHV, which impacted 427 victims, many in healthcare and other critical sectors.

It’s too early to tell whether these victories will leave a lasting impact on RaaS operators. LockBit’s response demonstrated the sophistication of the underground cybercrime economy. After re-establishing the LockBit data leaks blog, its victim-shaming site, the actor threatened to buy compromised network access credentials related to all U.S. government, educational, and nonprofit organizations from IABs.

Additionally, Intel 471 saw activity from IABs, a key enabler in cybercrime, grow and shift in 2023. We reported 5,347 instances of IAB vendors offering compromised credentials and/or alleged unauthorized access to networks or systems in 2023. We also track “specified access” when there are indicators that a threat actor has verified the validity of access being sold as operational.

See the report to also find out which industries and countries were most impacted and the most common IAB tactics, techniques, and procedures (TTPs) we observed. This rapidly evolving threat landscape is one reason Intel 471 recently acquired Cyborg Security and its HUNTER platform, which gives threat hunting teams a powerful set of tools to proactively detect stealthy threats.

Other major factors that will influence cybercrime trends in 2024 include:


  • Hacktivism: The pro-Russian NoName057(16) group accounted for almost 60% of all hacktivist incidents during 2023. Intel 471 observed shifting alliances within hacktivist groups, and the reignition of the Israeli-Palestinian conflict in October caused significant fluctuations in activity, with Cyber Toufan becoming the most active pro-Palestinian group.

  • Malware: Infostealers accounted for 21% of all malware-related offerings. This dominance is expected to persist into 2024 due to the efficiency, profitability, and low entry barrier they provide cybercriminals.

  • Vulnerabilities: Intel 471’s Vulnerability Intelligence team found a 43% increase in zero-day vulnerabilities in 2023.

  • Looming Cyber Threats: The online ecosystem known as “TheCom” enabled individuals to form small subgroups with experienced threat actors online and combine techniques to elevate their capabilities of breaching corporations.

  • Artificial Intelligence and Deepfakes: Deepfakes were named one of the most common ways threat actors leveraged AI in 2023. With AI rapid advancements, threat actors were able to create deepfake content in a cost-effective way.

Download the 2024 Cyber Threat Report today to see the culmination of Intel 471’s dedication to exposing the tactics of global adversaries which we share in real time with clients through TITAN, our platform that collects, interprets, structures, and validates human-led, automation-enhanced results.

The 471 Cyber Threat Report 2024