This report provides a comprehensive analysis of cybersecurity incidents and trends observed throughout May 2024. Organized into distinct categories—The Good, The Bad, and The Ugly—this analysis offers valuable insights into the current state of digital security.
The Good
- Top Investments: Highlights the most significant investments in the cybersecurity field.
- Top M&As: Provides insights into noteworthy mergers and acquisitions within the cybersecurity sector.
- Top Regulations: Analyzes impactful cybersecurity policies and regulatory developments.
- Top Judicial Actions: Profiles key apprehensions and legal actions against cybercriminals.
The Bad
- Top Threat Actors: Identifies prominent threat actors responsible for cybersecurity incidents.
- Top Threats: Details the most prevalent and disruptive cybersecurity threats observed.
- Top Exploited Vulnerabilities: Reviews the most important known exploited vulnerabilities reported during the month.
- Most Vulnerable Vendors: Highlights vendors that have the highest number of reported vulnerabilities in their products.
The Ugly
- Top Victims: Profiles organizations and entities most severely affected by cyber incidents.
- Most Affected Industries: Analyzes industries disproportionately impacted by cyberattacks.
- Most Affected Regions: Provides insights into geographic areas experiencing heightened cyber activity.
- Top Legal Actions: Summarizes significant legal actions and regulatory responses related to cybersecurity breaches.
Key findings:
June 2024 has been another tumultuous month in the cybersecurity field. There were some good, bad and ugly events which paved the way for some notable inductees to cement their place in our Hall of Hacks.
On the good side, Huntress secured the largest investment, while Qwak AI Ltd. was acquired for an impressive $230 million. US President Biden signed the executive order: Protecting Americans’ Data from Foreign Adversaries (PADFA) Act. Meanwhile, Thomas Pavey and Raheim Hamilton were charged with a life sentence for their roles in operating “Empire Market,” a dark web marketplace that facilitated the anonymous buying and selling of illegal goods and services.
On the bad side, Kimsuky known as APT43 remains the most active advance persistent threat in the world, involved in 3 major incidents. Vidar Stealer was the most active malware with 4 occurrences. PHP had the most critical vulnerability CVE-2024-4577 and Adobe was found to be the most vulnerable vendor reporting 167 CVEs.
On the ugly side, around 34M of Blackberry Cylance’s customers and employees had their PII compromised. The Healthcare industry was recorded to be the most impacted by cyber attacks with 51 reported incidents. Once again, the US was the most targeted country with 215 major incidents out of 310. And in one of the most notable legal cases, Terraform Labs reached a settlement agreement with the SEC totaling $4.47 billion for misleading investors about the risks associated with TerraUSD.
June 2024 showcased both progress and setbacks in the cybersecurity landscape. While major investments and legal actions marked significant developments, the continued prevalence of threats and widespread data breaches highlight the urgent need for effective security measures.