Seven of the top targeted industries observed in 2024 were also among the most targeted industries for 2023: financial services, technology, manufacturing, healthcare, government, commercial and education. The financial services and technology sectors are viewed as lucrative targets for cybercriminals whose primary goal is to profit from their attacks, due to the sensitive data and intellectual property possessed by such organizations. The healthcare sector, which handles sensitive data, and the manufacturing sector, which is highly vulnerable to production disruptions following cyberattacks, are both valuable targets for cybercriminals. Ransomware and data extortion gangs often target these industries, causing organizations to shut down their systems during the attack remediation and recovery process. These groups also threaten to leak sensitive data to extort payments from their victims. The government sector is primarily targeted by nation-state actors for cyber espionage purposes. Cyberattack spotlight – Change Healthcare One of the most prominent cyberattacks of 2024 targeted Change Healthcare, the largest provider of payment exchange platforms for the US healthcare sector. On February 21, 2024, Change Healthcare shut down its entire network due to a cybersecurity incident, causing widespread outages across U.S. healthcare institutions using its platform for billing and insurance claims. The company later revealed it had been targeted by the ALPHV (BlackCat) ransomware gang, which claimed responsibility for the attack. The ransomware group itself also added Change Healthcare to its dark web data leaks site, claiming to have exfiltrated sensitive health and personal information of millions of Americans. In early March 2024, a UK and US law enforcement seizure notice appeared on the ALPHV gang's website, but both the FBI and UK authorities denied taking down the group. An affiliate later claimed that the gang's leaders received a $22 million ransom from Change Healthcare and absconded without paying him his share, suggesting the notice was part of an "exit scam." In April 2024, UnitedHealth, Change Healthcare’s parent company, confirmed the attack resulted in a data breach affecting a significant number of Americans, revealing that sensitive information like medical records, diagnoses, medications, and personally identifiable information were stolen. UnitedHealth admitted to paying a ransom. In May 2024, during a US law hearing, UnitedHealth’s CEO disclosed that the attackers gained access through stolen credentials and exploited a Citrix remote access system at Change Healthcare, which lacked multi-factor authentication that could have prevented the breach. 13 Vulnerability Intelligence 4 Stolen Access Credentials 6 Tips 7 Ransomware 5 Key Findings 1 9 Threat Snapshot 2 Blurring Boundaries 3