The report highlights that over 45 percent of all vulnerabilities disclosed in H1 2024 are rated high to critical in CVSSv3. Additionally, there has been an increase in infostealing malware, with over 13 million devices infected and more than 53 million credentials compromised in the first half of the year. The most prolific infostealer, Redline, infected over three million hosts and exfiltrated over 10 million stolen credentials. This stolen data is being used to carry out increasingly complex and damaging ransomware attacks.

The United States is the primary target for ransomware groups, followed by the UK and Canada. This continued focus is driven by factors such as the availability of high-profile targets, the potential for lucrative ransom payments, and overall challenges in dismantling sophisticated ransomware operations. LockBit, a ransomware-as-a-service provider, remains the most prolific form of ransomware, accounting for 428 attacks through the half year, ahead of Play on 175 and RansomHub on 169. The report also highlights the persistence of insider threats, with 8,497 unique instances of insider-related threat activity found across chat collections.

The majority of insider threat activity comes from individuals advertising their services to malicious actors. This is especially prevalent in the telecom industry, where employees offer to perform SIM swaps on behalf of threat actors. The authors emphasize that the cyber threat landscape is constantly evolving, with new threats constantly emerging and old ones evolving at a rapid pace.