In the first half of 2024, cybercriminals have increasingly targeted company credentials and trade secrets, shifting away from personal data. Positive Technologies’ recent study reveals that 21% of organisations experienced credential leaks, marking a significant increase of 9 percentage points from the previous year. The theft of commercial secrets and restricted information also rose to 24%, up 10 percentage points compared to the same period in 2023. Personal data theft incidents have decreased, returning to pre-peak levels at 25% by Q2 2024.
Notable breaches include Hyundai Motor Europe and Volkswagen, with the latter losing documents related to electric vehicle technology. IT companies are also heavily targeted, with 29% of breaches involving internal processes and products. In 2024, hackers reportedly accessed the source code of software from Apple and AMD. Credential leaks often lead to further attacks, including ransomware, which was used in nearly a third of data leak incidents.
The dark web shows a notable rise in listings for stolen credentials, with Middle Eastern countries making up 16% of stolen government data listings. Asia leads with 33%, followed by Latin America and the Caribbean. Dark web forums frequently offer access to multiple companies per post, with prices ranging from $250 to $5,000. The most expensive listings, often exceeding $50,000, involve major financial institutions, retail giants, and IT companies.
Positive Technologies highlights that every second successful attack in the first half of 2024 resulted in the leakage of confidential data, affecting government agencies (13%), IT companies (12%), and industrial firms (11%). To combat these threats, organisations need a unified approach to protect user devices, corporate networks, and sensitive data.
Discussion about this post