CRITICALSTART® Unveils H2 Cyber Threat Intelligence Report Highlighting Key Threats Disrupting Businesses

Report discovers drastic shift in targeting patterns and finds professional services has displaced manufacturing as the most targeted sector

PLANO, TX – February XX, 2024 – Today, Critical Start, a leader in Managed Detection and Response (MDR) cybersecurity solutions, released its biannual Cyber Threat Intelligence Report[1] featuring the top threats observed in the second half of 2024 and highlighting notable shifts in targeting preferences, attack methodologies, and operational patterns that security leaders across all sectors should be aware of. Findings show that Professional Services has displaced Manufacturing as the most targeted sector, with Banking and Financial Services now in the top five targeted industries, signaling a potential strategic realignment among threat actors. The report also includes actionable insights to help organizations strengthen their security posture and proactively mitigate potential cyber risk.

H2 2024 saw a worrying trend in cyberattacks targeting specific industries. Key report findings include:

  • Professional Services saw a significant increase in cyberattacks in H2 2024, with ransomware and database leak incidents surging by 20.80% compared to the first half of the year (H1 2024). This rise affected a broad spectrum of professional services, from legal entities including courthouses, injury lawyers, and other legal firms, which saw a 17% increase in attacks, to diverse sectors like funeral homes, fitness centers, consulting firms, and physical security/bodyguard companies.
  • Manufacturing remains one of the top sectors targeted by cyber threat actors in the second half of 2024. Attacks against this industry surged by 58% compared to the first half of the year, underscoring the growing focus of malicious actors on disrupting critical operations within this sector.
  • The Banking and Finance sector experienced a rapid escalation in cyber threats, with CORR data showing a 141% increase in targeting from H1 to H2. This rapid shift moved the sector from seventh to second most targeted industry within just six months.
  • The Retail sector experienced a dramatic surge in cyberattacks during the second half of 2024, with a 180% increase compared to the first half. This surge was largely driven by heightened consumer activity during the holiday season, a period when threat actors exploit targets of opportunity.
  • The Technology industry consistently ranked as the fifth most impacted sector throughout 2024, maintaining this position due to its large attack surface and year-round targeting by cybercriminals. Critical Start observed a 12.36% increase in overall targeting in H2 2024 compared to H1, reinforcing the ongoing risk.

“The second half of 2024 has painted a concerning picture as bad actors have made notable shifts in how they target and attack. As with H1, we are continuing to observe a surge in ransomware and database leak activities,” said Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start. “With bad actors becoming more sophisticated and increasingly leveraging Artificial Intelligence (AI) to enhance sophistication and scale of attacks, it is vital for organizations to have a strong security culture and strategy in place. Managed Detection and Response (MDR) solutions that integrate asset inventory, endpoint controls security coverage, and MITRE ATT&CK® Mitigations will help organizations proactively mitigate risk and narrow their attack surface.”

The report also highlights trending concerns for businesses, including:

  • AI for Phishing and Code Execution: Attackers are leveraging AI to create highly sophisticated phishing campaigns with personalized messages and to develop autonomous malware that can exploit vulnerabilities at an unprecedented pace. Organizations must invest in AI-enhanced detection systems, conduct regular security audits, and adopt quantum-resistant encryption to mitigate these evolving threats.
  • Geopolitical Landscape Impacting APT Threat Actor Operations in Targeting Organizations: Geopolitical tensions are driving a surge in APT activity, with state-sponsored actors targeting critical infrastructure, government networks, and intellectual property. Organizations must adopt a multi-layered defense strategy, including zero-trust architectures, endpoint detection and response, and robust supply chain security.
  • Advanced Threats with Quantum Computing and Adversary Capabilities: Quantum computing presents a significant threat to traditional encryption methods, as quantum algorithms can quickly break current encryption standards, enabling the “steal now, decrypt later” strategy, where adversaries intercept and store encrypted data for future decryption. Organizations must urgently transition to quantum-resistant encryption methods, such as those identified by NIST, and invest in research, infrastructure, and education to prepare for the quantum era.

As part of the Critical Start Cyber Research Unit (CRU), Critical Start Cyber Threat Intelligence (CTI) continuously monitors emerging threat developments and exploited vulnerabilities while collaborating with the Security Operations Center (SOC) teams to implement new detections that reduce the risk of a breach by expanding MITRE ATT&CK threat coverage for our customers. For future updates on emerging threats, follow the Critical Start Intelligence Hub.

About Critical Start

Critical Start believes effective Managed Detection and Response (MDR) requires a balance of proactive and reactive security measures. Our Cyber Operations Risk & Response™ platform enables organizations to stay ahead of evolving threats with 24x7x365 expert-led investigation and tailored response. Through proactive capabilities—such as comprehensive asset inventories, identification of endpoint coverage gaps, asset criticality ratings, preventative safeguard recommendations, and optional vulnerability management—Critical Start MDR goes beyond detection and response to stop business disruption and prevent breaches.

Unlike traditional MDR providers, Critical Start’s holistic approach delivers Complete Signal Coverage. By continuously identifying and resolving unmonitored infrastructure, we ensure our MDR service receives the signals needed for optimal performance. Backed by over a decade of experience, our SOC leverages human expertise, supported by AI-assisted technology, to ensure precise threat investigation and effective mitigation. Critical Start empowers security leaders to build resilience and stay prepared in an ever-evolving threat landscape with flexible deployment across IT and OT environments, contractual SLAs, and a transparency-first service delivery platform.

For more information, visit www.criticalstart.com. Stay connected with Critical Start on LinkedIn and X (formerly Twitter) at @CRITICALSTART.
