Positive Technologies has released its Q3 2024 cybersecurity threatscape report, offering insights into the growing challenges posed by cyberattacks. The study revealed a troubling trend: IT professionals have become the most frequent targets of attacks on individuals. This shift has significant implications, as cybercriminals exploit the access that IT specialists hold to penetrate IT companies and execute large-scale supply chain attacks. These attacks often rely on sophisticated methods, including malicious advertisements, malware, and even staged fake interviews designed to deceive professionals into unknowingly downloading harmful software.
The report highlights a significant 15% year-on-year increase in attacks targeting both individuals and organisations during Q3. Among individuals, IT specialists emerged as the primary targets, accounting for 13% of such attacks. Malware was the most commonly used tactic, involved in 72% of the cases, and spread through various channels such as package managers, public repositories, deceptive advertisements, and fraudulent job interviews.
According to Valeriya Besedina, Junior Information Security Analyst at Positive Technologies, this surge in attacks on IT specialists is driven by cybercriminals’ ambitions to infiltrate larger organisations through their employees. She explained that IT specialists serve as entry points, enabling attackers to compromise software supply chains and inflict widespread damage across multiple organisations. Alarmingly, these types of attacks were reported to occur at least once every two days in 2024, reflecting the scale and frequency of the threat.
Remote access trojans (RATs) have become a dominant tool in these attacks, granting hackers continuous access to compromised systems. Attackers employed tactics such as creating fake websites mimicking popular network scanning tools, which were then promoted through search engines to attract unsuspecting users. A particularly alarming method known as “Revival Hijack” took advantage of a Python Package Index (PyPI) policy to compromise more than 22,000 existing PyPI packages. Users who updated these packages were unaware of the malicious actions taken by attackers.
The study also found that RATs and ransomware were the most frequently used tools in organisational attacks, with each accounting for 44% of incidents. In nearly 80% of successful breaches, attackers managed to compromise computers, servers, and network equipment. Notable malware tools such as AsyncRAT, XWorm, and SparkRAT were identified as commonly used. These tools were often delivered through phishing emails disguised as invoices, targeting industries including manufacturing, banking, healthcare, and software development. Such attacks frequently resulted in infections by the XWorm trojan.
Spyware emerged as another significant threat in Q3, with cybercriminals employing tactics to spread malware like DeerStealer, Atomic Stealer, and Poseidon Stealer. They utilised services to promote malicious websites to the top of search engine results, effectively deceiving users into downloading spyware.
Social engineering also remained a key method for attackers against both individuals and organisations. It was used in 92% of attacks targeting individuals and half of those targeting organisations. Emails and websites were the primary mediums for social engineering, accounting for 88% and 73% of attacks, respectively. These attacks often led to severe consequences, such as breaches of confidential data and disruptions to core business operations.
To counter these growing threats, Positive Technologies advocates for result-driven cybersecurity strategies that focus on protecting organisations against non-tolerable events—cyberattack consequences that could hinder operational or strategic goals. They recommend the use of sandboxes to analyse file behaviour in virtual environments, allowing organisations to detect and prevent malicious activity before damage occurs. Additionally, network threat analysis (NTA) systems like PT Network Attack Discovery can help identify modern threats, including RATs, ransomware, and spyware.
Organisations are encouraged to regularly inventory and classify their assets, implement robust data access control policies, and monitor access to sensitive information. Continuous monitoring of cybersecurity events using tools like MaxPatrol SIEM enables rapid detection and response to cyberattacks. Vulnerability management processes, supported by tools such as MaxPatrol VM, should also be implemented, alongside penetration testing and participation in bug bounty programs to identify and address security gaps proactively.
Given the increasing use of legitimate services to deliver malware, software developers are urged to pay close attention to repositories and package managers used in their projects. Application security tools such as PT Application Inspector can help identify vulnerabilities within code, while web application firewalls like PT Application Firewall can strengthen network perimeters against external threats.
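As an added, defensive illustration of the advice above, and of why the PyPI Revival Hijack technique mentioned earlier matters to anyone who consumes packages from a public index, the following Python script is an example written for this page; it is not code from Positive Technologies or from the report. It audits a requirements file for dependencies that are not pinned to an exact version or that carry no `--hash` line, and verifies a downloaded artifact against the pinned digest. The package names, the artifact bytes and the digest are all constructed for the example; if a package name is deleted and re-registered, the new owner can publish the same version number, so only a hash pin detects the substitution.

```python
import hashlib
import re
from dataclasses import dataclass, field

# Matches pip's "--hash=sha256:<hex>" (or "--hash sha256:<hex>") options.
HASH_RE = re.compile(r"--hash[= ]([a-z0-9]+):([0-9a-fA-F]+)")
# Project name, optional extras in brackets, then whatever version specifier follows.
NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(.*)$")
# An exact pin such as "==1.4.0"; "==1.4.*" is a wildcard and is rejected separately.
PIN_RE = re.compile(r"^==\s*\S+$")


@dataclass
class Requirement:
    name: str
    specifier: str                               # e.g. "==1.4.0", ">=2.0", or "" when unconstrained
    hashes: list = field(default_factory=list)   # [(algorithm, hexdigest), ...]


def _logical_lines(text):
    """Yield requirement lines with comments removed and backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""
    if buf.strip():
        yield buf.strip()


def parse_requirements(text):
    """Parse a requirements.txt body into Requirement records (options such as --index-url are skipped)."""
    reqs = []
    for line in _logical_lines(text):
        if line.startswith("-"):
            continue
        hashes = [(alg.lower(), digest.lower()) for alg, digest in HASH_RE.findall(line)]
        spec_part = HASH_RE.sub("", line).strip()
        m = NAME_RE.match(spec_part)
        if not m:
            continue
        specifier = m.group(2).split(";")[0].strip()   # drop environment markers
        reqs.append(Requirement(m.group(1).lower().replace("_", "-"), specifier, hashes))
    return reqs


def audit_requirements(text):
    """Return one finding per weakness: unpinned version, or no sha256 hash pin."""
    findings = []
    for req in parse_requirements(text):
        if not PIN_RE.match(req.specifier) or req.specifier.endswith("*"):
            findings.append(f"{req.name}: not pinned to an exact version ({req.specifier or 'any'})")
        if not any(alg == "sha256" for alg, _ in req.hashes):
            findings.append(f"{req.name}: no sha256 --hash pin; a substituted artifact of the same version would install")
    return findings


def verify_artifact(data, req):
    """True only if the downloaded bytes match one of the hashes pinned for this requirement."""
    for alg, digest in req.hashes:
        if alg in hashlib.algorithms_available and hashlib.new(alg, data).hexdigest() == digest:
            return True
    return False


# Constructed stand-in for a downloaded wheel; its digest becomes the pinned hash below.
GOOD_ARTIFACT = b"constructed wheel bytes for examplepkg 1.4.0"
GOOD_HASH = hashlib.sha256(GOOD_ARTIFACT).hexdigest()

# Constructed sample requirements file: one fully pinned and hashed entry,
# one version-pinned entry without a hash, and one entry with an open range.
SAMPLE_REQUIREMENTS = f"""\
# constructed sample; names and digest are made up for this example
examplepkg==1.4.0 \\
    --hash=sha256:{GOOD_HASH}
legacytool==0.9.2
devhelper>=2.0
--index-url https://pypi.org/simple
"""

if __name__ == "__main__":
    for finding in audit_requirements(SAMPLE_REQUIREMENTS):
        print("WARN", finding)
    pinned = parse_requirements(SAMPLE_REQUIREMENTS)[0]
    print("genuine artifact accepted:", verify_artifact(GOOD_ARTIFACT, pinned))
    print("altered artifact accepted:", verify_artifact(GOOD_ARTIFACT + b"\x00", pinned))
```

pip enforces the same rule end to end when a project installs with `pip install --require-hashes -r requirements.txt`, which refuses any file whose digest is absent from the pinned set; the audit above is useful in CI to catch the entries that would make that mode fail, or that silently leave a dependency open to substitution.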
Data protection measures should be a top priority for organisations, as safeguarding sensitive information is essential to prevent breaches. IT specialists must remain vigilant, avoiding suspicious links and attachments from unverified sources. By fostering a proactive approach to cybersecurity, organisations and individuals alike can better defend against the ever-evolving threat landscape.