Orange Cyberdefense has released its Security Navigator 2024 report, presenting an analysis of cyber threats and cybercrime developments for the past year (period October 2022–September 2023).
The report shows that Orange Cyberdefense identified a total of 129,395 incidents during the period, an increase of 30 percent compared with the same period the previous year. The majority of activity, 43.6 percent, originated from external actors, while 37.45 percent were initiated internally within organizations.
Although the overall number of incidents rose during the year, the number of confirmed security incidents decreased. However, the confirmed incidents were significantly more sophisticated and refined. Three sectors together accounted for more than two-thirds of all confirmed incidents: manufacturing at 32.43 percent, retail at 21.73 percent, and professional, scientific and technical services at 9.84 percent.
Of the total incidents, the largest category—nearly one third (30.32 percent)—is classified as “Hacking.” This is up from last year when the category represented 25 percent of incidents. Historically, malware has been one of the two most common incident types; this year it slipped to third place and accounts for 12.98 percent of incidents. The second most common category is Misuse, representing 16.61 percent of incidents.
“Cyber threats are evolving rapidly and becoming increasingly advanced and specialized, which makes it more challenging for companies and organizations to detect and protect their digitally dependent operations,” says Peter Larsson, CTO Orange Cyberdefense Sweden. “We also see that cyber threats and cybercrime are being used for a broader range of purposes: to access data, for financial gain, and for influence operations and hacktivism. A more diverse set of actors and tactics among threat actors raises the bar for smart, intelligence-driven cybersecurity solutions. At the same time, business and executive leadership must elevate security to a strategic level to manage risks and security strategies effectively.”
Rapid evolution and change among cybercriminal actors
Ransomware and extortion are among the fastest-growing areas. Over the past twelve months, the number of ransomware victims increased by 46 percent globally, reaching an all-time high. Forty percent of attacks targeted large enterprises with more than 10,000 employees; 23 percent affected medium-sized organizations; and 25 percent hit small businesses.
According to the VERIS framework for incident classification, there has also been turbulence among the groups that conduct ransomware operations. In 2023 Orange Cyberdefense identified 31 new ransomware groups that had not been previously known. At the same time, 25 groups disappeared, while 23 groups that had been active in earlier years continued their extortion campaigns.
Geopolitical developments have pushed some ransomware actors toward more politically motivated activity, and the overall number of cybercriminal groups driven by political or ideological motives increased during the period. Their objectives frequently include espionage, sabotage, disinformation and extortion, or a combination of these activities.
For organizations, this means preparing for a broader spectrum of threats and motivations, and adopting defensive strategies that combine technical controls, threat intelligence, incident response preparedness and strategic leadership engagement to reduce exposure and improve resilience.
The full report is available from Orange Cyberdefense: https://www.orangecyberdefense.com/se/security-navigator