Most Targeted Industry by Sector in 2024
2024
Professional Services
Kroll saw the continued targeting of professional services firms in 2024. These firms were most likely to be impacted by email compromise incidents, which pose the risk of financial loss and threaten the confidentiality of data.
Financial Services
While most likely to be impacted by email compromise incidents, the beginning of 2024 saw the financial services sector targeted with ransomware operations, such as BLACKCAT and LOCKBIT ransomware. These incidents exposed the personally identifiable information (PII) of millions of individuals after stolen data was posted on ransomware threat actor sites.
Manufacturing
Similar to previous years, Kroll observed that the manufacturing sector continues to be a favorite target for ransomware groups. With their position along the supply chain, the sector is a rich target for threat actors looking to disrupt critical operations with downstream impact. Nation-state actors also target the sector for corporate espionage or to disrupt industrial control systems and operational technology.
Healthcare
With this sector a perennial target for threat actors, one of the most notable cyberattacks of 2024 related to the Change Healthcare ransomware event in February 2024, which disrupted critical payment operations for healthcare providers and pharmacies. The ransomware incident was attributed to RANSOMHUB and resulted in an $872 million loss. However, the incident was also attributed to a former ALPHV/BLACKCAT affiliate who joined RANSOMHUB. The Change Healthcare incident impacted an estimated 190 million people and exposed data, including military personnel PII, medical records, dental records, insurance records and more.
Retail / Restaurant
While email compromise was the most frequently observed threat to this sector in 2024, Kroll also observed ransomware groups, particularly BLACKBASTA, targeting the sector. Incidents against the sector increased in the fourth quarter, indicating that threat actors were likely to prey on it during the holiday season. The sector is also vulnerable to web compromise targeting online payment platforms. Kroll also observed that many engagements for the retail sector were tied to insider threats.
Technology & Telecom
Beginning in Q3 2024 and continuing into Q4, Kroll has observed doubled activity against the technology sector. These attacks include supply chain events such as the CDK Global attack, which halted car sales at hundreds of dealerships across the U.S. in June 2024. The attack was attributed to the ransomware group BLACKSUIT. Nation-state actors also found the sector to be a prime target in 2024, with Russian actors targeting Microsoft and Chinese actors targeting telecommunications providers.
10%
13%
9%
8%
7%
Professional Services
Manufacturing
Healthcare
Retail / Restaurant
Technology & Telecom
25%
Financial Services