DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Attackers Targeting VPNs Account for 28.7 Percent of Ransomware Incidents in Q3 According to Corvus Insurance Cyber Threat Report

Posted on November 20, 2024 by Dissent

A press release from Corvus Insurance has some statistics worth mulling over:

 Corvus Insurance, a wholly owned subsidiary of The Travelers Companies, Inc., today released its Q3 2024 Cyber Threat Report, The Ransomware Ecosystem is Increasingly Distributed, which showed that attackers leveraging virtual private network (VPN) vulnerabilities and weak passwords for initial access contributed to nearly 30% of ransomware attacks.

According to the Q3 report, many of these incidents were traced to outdated software or VPN accounts with inadequate protection. For example, common usernames such as “admin” or “user” and a lack of multi-factor authentication (MFA) made accounts vulnerable to automated brute-force attacks, where attackers exploit publicly accessible systems by testing combinations of these weak credentials, frequently achieving network access with minimal effort.

“Attackers are focused on finding the path of least resistance into a business to launch an attack, and in Q3 that entry point was the VPN,” said Jason Rebholz, Chief Information Security Officer at Corvus. “As we look forward, businesses must strengthen defenses with multi-layered security approaches that extend beyond MFA. Today, MFA is mere table stakes and must be complemented with secure access controls capable of shoring up these current and future areas of vulnerability.”

The Ransomware Ecosystem
Using data collected from ransomware leak sites, Corvus identified 1,248 victims in Q2, marking the highest number the company has recorded in any second quarter. This level of activity persisted in Q3, when there were 1,257 attacks.

Forty percent of the Q3 attacks can be traced to five groups: RansomHub, PLAY, LockBit 3.0, MEOW and Hunters International. Of these five, RansomHub was the most active in the quarter, with 195 reported victims (up 160% over Q2), while activity from LockBit 3.0 fell sharply, from 208 victims in Q2 to 91 in Q3.

While the sources behind many of these attacks were relatively consolidated, the ransomware ecosystem did grow over this period, with 59 total groups identified by the end of Q3. This increase is noteworthy since new entrants can quickly become disruptive forces. For example, following law enforcement’s takedown of LockBit in Q1, RansomHub, which emerged in February 2024, quickly filled the void, becoming one of the more prolific and dangerous cybercriminal groups. In 2024, RansomHub has claimed more than 290 victims across various sectors.

Key Industry Trends: Construction Remains Most Impacted Industry in Q3
In the third quarter, the construction industry remained the most impacted sector, with 83 reported victims. That’s up 7.8% from the 77 attacks reported in Q2 and was driven by ransomware groups like RansomHub, which continue to target infrastructure and related sectors. Healthcare organizations also experienced a significant increase, with 53 reported victims, up 12.8% from the 42 victims reported in Q2.

To learn more, a webinar titled “Analyzing Q3 2024 Ransomware Activity” is scheduled for November 20 at 11:00 a.m. EST and will feature Corvus experts. Click HERE to register and for more information. You can also read the complete Corvus Q3 2024 Cyber Threat Report HERE.

Related posts:

  • Is KillSec3 Trying to Extort Victims Using Publicly Leaked Data?
  • The Myth of Jurisdictional Privacy
  • Data allegedly from Change Healthcare ransomware attack raises more questions than answers (1)
  • Kept in the Dark — Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden
Category: Commentaries and Analyses

Post navigation

← Apple says Mac users targeted in zero-day cyberattacks
Thai loyalty membership card data of 5 million customers put up for sale on hacking forum →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • ShinyHunters and team members arrested in France (1)
  • Texas Enacts Liability Shield From Punitive Damages for Certain Small Businesses That Adopt Cybersecurity Programs
  • Dublin ETB fined €125,000 for data protection breaches
  • From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math
  • Liberty Township in Ohio has recovered its network after a ransomware attack
  • Marquette County Medical Care Facility discloses data breach
  • Industry Letter – June 23, 2025: Impact to Financial Sector of Ongoing Global Conflicts
  • MNGI Digestive Health settles class action lawsuit stemming from BlackCat attack
  • Four REvil ransomware members released after time served on carding charges
  • Why Dumping Sensitive Data on Network Shares is a Liability

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.