How Threat Actors Industrialised Cybercrime in 2024

Hackers are evolving at an alarming rate, with attacks being faster, stealthier and more dangerous. In 2024, says Huntress, threat actors rapidly evolved their craft, industrialising cybercrime with automation, advanced evasion techniques and sophisticated Ransomware-as-a-Service (RaaS) models. 

This escalation meant the gap between attack sophistication on large enterprises and smaller businesses all but vanished, as hackers took the methods and strategies commonly used to disrupt global businesses and employed them against organisations of every size. In particular, the healthcare, technology and education sectors were top targets. 

Huntress sets out this heightened threat landscape in its ‘2025 Cyber Threat Report’, an in-depth analysis of hacker activity across three million endpoints worldwide. In it the company, which provides enterprise-grade threat detection and response services that help businesses find and eliminate threats, analyses the key adversarial behaviours, techniques and trends from hackers in 2024. 

Discussing this evolution, Jamie Levy, Director, Adversary Tactics, says: “Hacker tradecraft is evolving fast, with ransomware groups growing bolder, attacks becoming harder to detect,and phishing scams reaching new levels of sophistication."

Critical trends in 2024

Huntress finds that advanced methods like defence tampering, bring your own vulnerable driver (BYOVD) privilege escalations, and UAC (User Account Control) bypasses have become the norm for attackers, underscoring the urgent need for organisations to deploy comprehensive defences, proactive patching and enhanced endpoint monitoring.

Several key trends shaped the cybersecurity landscape in 2024 and are expected to continue into 2025. Ransomware strategies became more advanced, with Huntress tracking ransomware incidents from Lynx, Akira, and RansomHub. Incidents from these groups increased by 7.9%, 11.6%, and 15.3%, respectively. 

By giving affiliates higher percentage pay outs, often reaching 80–90% of the ransom, the three collectively accounted for 54% of all ransomware incidents in 2024. 

Greg Linares, Principal Threat Intelligence Analyst says these RaaS groups have ‘industrialised cybercrime’. He adds: “The rise of RaaS groups such as these has led to increased attacks on businesses of all sizes with sophisticated techniques, once reserved for attacks on large enterprises, now becoming commonplace.”

Huntress also recognised trends such as a proliferation of remote access trojans, the increased exploitation of remote monitoring and management (RMM) tools, a sophisticated use of ‘Living off the Land’ techniques, and diversifying phishing attacks including techniques like QR code phishing and brand impersonation.

Attackers target key industries

In 2024 the education, healthcare, and technology industries were the top targets for cyber attackers. Huntress says that, while each sector faced its own distinct threats, malicious scripts, remote access trojan deployments and the abuse of RMM tools were consistent across each.

Education was the most targeted industry in 2024, making up 21% of all attacks, followed by healthcare (17%) and technology (12%). Attackers used tactics like credential theft, abuse of RMM tools, and malicious updates disguised as legitimate software to infiltrate educational institutions. 

Education is often seen as an easy target due to a reliance on shared networks, outdated systems and lower security budgets, combined with a wealth of sensitive data, like student records and research, that makes these institutions top targets. 

In the technology sector attackers took advantage of RMM tools to either gain access or move laterally within networks, with attackers often targeting third-party tools such as password managers. 

The company also noted a rise in attacks in the government and manufacturing sectors over 2024.

The case for proactive steps

Huntress says its snapshot of 2024 demonstrates how quickly the threat landscape evolves, noting ‘more and more insidious attacks across organisations of all sizes in all industries’. 

It advocates for robust, layered defences and proactive threat detection mechanisms as a priority for all organisations in the face of escalating trends around ransomware, phishing sophistication that calls for greater vigilance and security awareness training, and a surge in attacks on cloud environments such as Microsoft 365. To mitigate these attacks, organisations must have comprehensive defences, including endpoint monitoring, timely patching, and user education.

Levy concludes: “To stay ahead, organisations need a well-rehearsed incident response plan, ongoing vulnerability assessments, timely patching, and security awareness training that actually sticks. Key controls like endpoint detection and response, network segmentation, and identity and access management are also critical to minimising risk.”

Explore the latest edition of Cyber Magazine and be part of the conversation at our global conference series, Tech & AI LIVE and Cyber LIVE.

Discover all our upcoming events and secure your tickets today.

Cyber Magazine is a BizClik brand