SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Malware
#
Ransomware
#
IoT Security

Ransomware report reveals evolving threat landscape in 2024

Today
Author image
By Melania Watson, Interview Editor

Industrial cyber experts at Dragos have released their analysis of the ransomware threat landscape for the third quarter of 2024, noting an active period influenced by several new and evolving threat groups.

According to the report, the ransomware threat ecosystem remained vibrant due to the emergence of new groups, the rebranding of existing entities, the expansion of initial access broker operations, and the illicit trade of cyber tools. These cyber threat groups demonstrated a capacity to adapt to disruptions by leveraging technological advancements and strategic realignments.

A significant development this quarter was the setback of the dominant group LockBit, following coordinated international law enforcement actions, including Operation Cronos, which disrupted key infrastructure components.

This caused a decline in LockBit's activities and prompted affiliates, including Velvet Tempest, to migrate to other groups like RansomHub.

The ransomware-as-a-service (RaaS) model saw continued maturity, with an increased reliance on initial access brokers to exploit vulnerabilities, misconfigurations, and stolen credentials. These actions facilitated the scaling of ransomware operations by focusing on payload deployment and extortion, lowering entry barriers for new actors. The quarter saw sustained activity in this arena.

Geopolitical tensions have introduced new dimensions to ransomware threats. Conflicts in the Middle East and Eastern Europe have led to a rise in hacktivist personas utilising ransomware to disrupt industrial operations.

These campaigns, unlike traditional financially motivated ones, underscore a priority on operational sabotage, posing distinct risks to critical infrastructure.

Emerging threats were noted, including several new ransomware groups targeting industrial organisations by exploiting remote and virtual network applications. Notable groups such as 3am, APT73, Eldorado, Fog, Helldown, RansomHub, and Sarcoma have been identified, utilising sophisticated techniques to target industries with little tolerance for downtime.

Ransomware groups are also expanding their lateral movement capabilities, combining traditional methods with advanced persistence mechanisms.

Living-off-the-land techniques allowed operators to evade detection by mimicking legitimate activities. Additionally, remote access tools like AnyDesk and Quick Assist were exploited for persistent access. Groups such as Eldorado and Play have developed Linux lockers targeting VMware ESXi environments.

The integration of advanced malware remains a strategy, with groups like Black Basta deploying custom malware and backdoor tools to evade detection and maintain access.

Ransomware activity affected the industrial sector significantly, including a notable incident in September 2024 when oilfield services company Halliburton was breached by a RansomHub-linked threat actor, resulting in a US $35 million financial loss and compromised data integrity.

Hacktivism has seen an increase, with groups such as CyberVolk, Handala, and KillSec opting to integrate ransomware into their operations to disrupt targets, marking a shift in tactics and potential impacts on critical infrastructure.

Ransomware incidents varied regionally, with North America recording the highest attack volume.

Oceania reported 12 incidents, predominantly affecting the technology, education, and healthcare sectors in Australia and New Zealand.

Dragos's analysis identified significant shifts in ransomware activity with LockBit3.0, RansomHub, and Play among the most active groups targeting industrial organisations. Many groups increased activity, demonstrating the evolving nature of the threat landscape.

The report emphasised the necessity for robust cybersecurity measures, including monitoring critical ports, enforcing multi-factor authentication, maintaining offline backups, and securing remote access.

Enhanced training and network architecture assessments are recommended to mitigate and address these evolving threats.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Elastic Security Labs reveals new GOSAR backdoor threat
AppOmni highlights evolving SaaS cyber threats for 2025
Spearphishing identified as leading threat to utilities
Arctic Wolf uncovers 0-day Cleo MFT vulnerability exploit
AI's impact on cybersecurity: challenges & strategies
Top stories
Safety tech sector sees $6.3 billion investment rise
Cohesity completes merger with Veritas, becomes largest data protection software provider
GitGuardian unveils strategy to protect non-human identities
Hands-on Review: Norton 360 Platinum with the new Financial Monitoring
Elastic identifies stealthy malware toolkit named PUMAKIT