Solar Group, the architect of comprehensive cyber security, presented the analytics of the external digital threat monitoring center Solar AURA for the first three quarters of 2024.
In the first nine months of this year, experts recorded 569 incidents (reports of leaks, including cases where databases of Russian companies were published). This is 80% more than in the same period last year and 35% more than in the whole of 2023.
However, the stolen data appeared online, partially or fully, in only 55% of cases (316 incidents), and some of these can only be judged from fragments of published databases, archives or reports of hacker groups, the report says.
The number of lines of published data increased by 15% year-on-year, to 800 million. For the sake of comparison, last year's statistics exclude the leak associated with the publication of 4 billion lines of mostly technical information, which is of little significance from a cyber security point of view.
At the same time, the total volume of published data decreased by 95%, to 5 terabytes. This is due to a decrease in the number of incidents in which attackers gained access deep inside a company's infrastructure and were able to reach large arrays of unstructured information. However, according to experts, the situation may change: after the end of the reporting period, there were already reports of successful cyber-attacks in which significant amounts of data fell into the hands of attackers.
The attackers also began to publish databases that were obtained back in 2023 but had not previously appeared in the public space. In addition, while analyzing the shadow segment of the Internet and Telegram channels, Solar AURA experts discovered and confirmed 120 cases of defacement, a type of attack in which hackers replace the official page of a company's website with another one carrying negative content.
Retail ranks first in the number of incidents related to data leaks, with 182 such cases. The service sector is in second place (101 incidents), and the public sector, which includes both state authorities and regional and local self-government authorities, is in third (45 incidents). The education and science segment (42 incidents) follows by a minimal margin, followed by the manufacturing sector (38 incidents) and telecommunications (37 incidents).
In terms of the number of leaked lines, first place was taken by the financial sector, with 409 million lines.
Data obtained from leaks is actively used by attackers to carry out phishing attacks. The number of detected and blocked resources in the first nine months of this year increased by 116% compared to the same period in 2023.
In 2024, hackers began to use third-level and deeper phishing domains en masse, usually without mentioning brands, which makes it difficult for automated monitoring tools to find such resources. A year ago the share of such domains with no connection to the brand was 16%; in 2024 up to 40% of phishing resources have no meaningful connection with the brand. In the case of marketplaces, the share of off-brand domains reached 70% this year.
The report was compiled on the basis of data from Solar AURA, the Solar Group's DRP service for monitoring external digital threats. The analytics is based on the results of monitoring public and closed segments of the Internet across the customers and pilot projects of the Solar AURA center:
- 1.2 million+ domain names and issued SSL certificates (pool of sources dynamically updated every day);
- more than 2,500 Telegram channels on illegal topics and darknet forums;
- 50 million DNS queries per day.
The Solar AURA service was launched in March 2023. It is a comprehensive solution for monitoring digital threats that originate outside the customer's controlled infrastructure. The service detects phishing carried out in the company's name, possible data leaks, signs of attack preparation on the dark web, illegal use of the brand, suspected illegal use of acquiring, fraud involving counterparties and other digital risk factors.