Active Ransomware Threat Groups Increase by 30% in 2024

The Evolving Landscape of Cybercrime: Insights from Secureworks’ 2024 State of the Threat Report

In an era where digital threats are increasingly sophisticated, the annual State of the Threat Report by Secureworks provides a crucial overview of the cybersecurity landscape. Released on October 8, 2024, this year’s report highlights a significant 30% rise in active ransomware groups, underscoring the dynamic and fragmented nature of cybercriminal operations. As law enforcement efforts disrupt established ransomware operations, new players are emerging, reshaping the threat landscape.

The Surge of Ransomware Groups

The report reveals that 31 new ransomware groups have entered the ecosystem over the past year, indicating a shift from a previously concentrated landscape dominated by a few major players. The most active groups identified include:

  • LockBit: Once the leading ransomware group, LockBit now accounts for 17% of victim listings, a decline of 8% from the previous year, reflecting the impact of law enforcement actions.
  • PLAY: This group has doubled its victim count year-over-year, showcasing its aggressive tactics.
  • RansomHub: Emerging just a week after the LockBit takedown, RansomHub has quickly become the third most active group, claiming 7% of the victim share.

The fragmentation of the ransomware ecosystem means organizations must remain vigilant against a wider variety of tactics and methodologies. The median dwell time for ransomware attacks has decreased to 28 hours. Some groups execute rapid "smash-and-grab" attacks, while others may linger in networks for extended periods, complicating detection and response efforts.

Law Enforcement’s Impact on Cybercrime

The report emphasizes the significant role of law enforcement in disrupting ransomware operations, particularly against groups like GOLD MYSTIC (LockBit) and GOLD BLAZER (BlackCat/ALPHV). These disruptions have not only diminished the power of established groups but have also led to the proliferation of smaller, less organized entities. The number of ransomware groups using "name and shame" leak sites has risen by 30% year-over-year, highlighting the evolving tactics employed by cybercriminals.

Despite the growth in ransomware groups, the number of victims has not increased at the same pace, raising questions about the effectiveness and sustainability of these new players. The report identifies scan-and-exploit and stolen credentials as the primary initial access vectors (IAV) for ransomware engagements, with a concerning rise in adversary-in-the-middle (AiTM) attacks.

The Role of AI in Cybercrime

Artificial Intelligence (AI) is becoming a powerful tool for cybercriminals, enhancing the scale and credibility of scams such as CEO fraud and "obituary pirates." The report notes a marked increase in discussions on underground forums about using AI tools like OpenAI’s ChatGPT for malicious purposes, including phishing attacks and script creation.

One particularly alarming trend is the rise of AiTM attacks, where threat actors steal credentials and session cookies to bypass multi-factor authentication (MFA). This trend underscores the need for organizations to reassess their security postures, as identity becomes the new perimeter in cybersecurity.

State-Sponsored Threat Activity

The report also delves into the activities of state-sponsored threat groups from countries such as China, Russia, Iran, and North Korea. Each of these nations employs cyber capabilities for geopolitical objectives, with notable trends including:

  • China: Focused on information theft for political and economic gain, Chinese cyber activity has targeted industrial sectors aligned with the Communist Party’s Five Year Plan. Recent law enforcement actions have led to indictments against members of the BRONZE VINEWOOD threat group.

  • Iran: Iranian cyber activity remains politically motivated, primarily targeting Israel and regional adversaries. The use of fake hacktivist personas allows Iran to maintain plausible deniability in its cyber operations.

  • North Korea: North Korean threat actors continue to pursue revenue generation through cryptocurrency theft and fraudulent employment schemes, particularly targeting the IT sector in the U.S., South Korea, and Japan.

  • Hamas: Following the outbreak of the Israel-Hamas war, Secureworks has tracked increased cyber activity from groups aligned with Hamas, primarily targeting Israel and its allies.

Conclusion

The 2024 State of the Threat Report from Secureworks paints a complex picture of the evolving cybersecurity landscape. As law enforcement efforts disrupt established ransomware operations, new groups are emerging, leading to a more fragmented and unpredictable environment. The increasing use of AI by cybercriminals and the ongoing activities of state-sponsored threat actors further complicate the challenges faced by organizations in safeguarding their digital assets.

For organizations, the key takeaway is clear: vigilance and adaptability are essential in navigating this rapidly changing threat landscape. As cybercriminals refine their tactics and exploit new technologies, businesses must continuously reassess their security measures and remain proactive in their defense strategies.

For a comprehensive analysis of the findings, the full report can be accessed here.
