Create a free Manufacturing.net account to continue

Ransomware Report Shows Fewer Incidents, Future Concerns

The fear is that larger RaaS groups are exercising greater control over their affiliates.

Jeff Reinke
May 3, 2024
Financial Cyber

Dragos recently released its Q1 2024 ransomware report, which offers some cautiously optimistic findings:

  • While ransomware remains the most widespread cybersecurity threat impacting industrial organizations, research from this past quarter shows a decline in activities targeting the industrial sector. Of the 77 ransomware groups known for their industrial attacks, only 22 were active.
  • There were no significant operational disruptions caused by ransomware in the first quarter of 2024.
  • Dragos attributes this drop in ransomware activity to two factors:
    1. Coordinated law enforcement missions focused on RaaS groups. This includes the recent actions taken against Lockbit, perhaps the most dangerous ransomware group for the industrial sector. This group, however, was still responsible for 26 percent of all ransomware attacks in the first quarter. Additionally, the Alphv/Blackcat group initiated a self-decommission of its infrastructure after stealing millions from an affiliate.
    2. Many of the most notorious RaaS groups have shifted their focus to the healthcare sector.
  • Dragos expressed concerns over the drop in activity from major RaaS players, as this could be an indication of the ability of these groups to influence their affiliates to shift focus in optimizing their efforts on specific sectors. This has been the case with the industrial sector in the past, and is currently being experienced in healthcare, i.e. the Change Healthcare hack. Reading between the lines, it would seem that the focus could be shifted back to the manufacturing and infrastructure sectors based on the whims of these prominent criminal organizations.
  • According to Dragos, the technical capabilities of ransomware groups underscore their agility and sophistication in exploiting vulnerabilities, citing the targeting of ConnectWise ScreenConnect by BlackBasta and Lockbit, and the Qlik Sense application by CACTUS.
  • Dragos also found that ransomware operations, possibly in collaboration with initial access brokers (IABs), have attempted to exploit zero-day vulnerabilities in Ivanti ICS VPN.
  • There were 83 ransomware incidents that impacted industrial organizations and infrastructure in North America, compared to 87 incidents in the previous quarter. Manufacturing was the most impacted industry during the first quarter of 2024, with 106 observed incidents in total, or 62.7 percent. This breaks down by sector as follows:
    • The transportation sector represented 14.7 percent of all observed incidents.
    • Industrial control systems (ICS) registered 12.4 percent of attacks.
    • Oil and natural gas accounted for 4.3 percent, which is double the number of the incidents of the previous quarter.
    • The water and wastewater sector was the victim of 1.7 percent of attacks.
    • In addition to the primary industries and sectors mentioned above, Dragos observed 21 unique manufacturing subsectors impacted by ransomware during the first quarter of 2024, including Food and Beverage, Packaging, Chemicals, Pharmaceuticals and Aerospace.
  • The 8base ransomware group accounted for 13.6 percent of ransomware attacks, followed by  Hunters International, Black Basta, Akira, MedusaLocker, and many more.

Dragos also cited recommendations from the SANS Institute, and their five critical controls to ensure world-class ICS and OT cybersecurity:

  • An ICS-focused incident response plan.
  • A defensible architecture.
  • OT network visibility and monitoring.
  • Secure remote access.
  • Risk-based vulnerability management. 

To read more about the report and Dragos analysis of the findings, click here.

Read Next
Cybersecurity In A Bubble
Cybersecurity
Report Breaks Down Surge in Cloud Attacks
May 16, 2024
Latest in Cybersecurity
Semiconductors
NIST Awards Over $1.2 Million to Small Businesses
May 17, 2024
Cybersecurity In A Bubble
Report Breaks Down Surge in Cloud Attacks
May 16, 2024
Computer Crime Concept 516607038 2125x1416 (1)
CISA Releases Data on Defending Against Pro-Russia Hacktivists
May 16, 2024
Ransomware
Ransomware: The Relentless Threat
May 16, 2024
Related Stories
Cybersecurity In A Bubble
Cybersecurity
Report Breaks Down Surge in Cloud Attacks
Computer Crime Concept 516607038 2125x1416 (1)
Cybersecurity
CISA Releases Data on Defending Against Pro-Russia Hacktivists
Ransomware
Cybersecurity
Ransomware: The Relentless Threat
Ep96tn
Cybersecurity
Security Breach: Supply Chains Are a Hacker's Gateway
More in Cybersecurity
Semiconductors
Operations
NIST Awards Over $1.2 Million to Small Businesses
To advance cybersecurity, biopharmaceuticals, semiconductors and more.
May 17, 2024
Cybersecurity In A Bubble
Cybersecurity
Report Breaks Down Surge in Cloud Attacks
More data is flowing into the cloud, and the bad guys know it.
May 16, 2024
Computer Crime Concept 516607038 2125x1416 (1)
Cybersecurity
CISA Releases Data on Defending Against Pro-Russia Hacktivists
Although the tactics are not complex, the results can be disastrous.
May 16, 2024
Ransomware
Cybersecurity
Ransomware: The Relentless Threat
Threat actors are refining their methods, as fewer incidents are being stopped before data is encrypted.
May 16, 2024
Ep96tn
Cybersecurity
Security Breach: Supply Chains Are a Hacker's Gateway
Many attacks on manufacturers are just the first step in going after even bigger targets.
May 16, 2024
General Cyberattack
Cybersecurity
Verizon Report Shows Vulnerabilities, Human Errors as Primary Challenges
Most breaches involve a non-malicious human element, such as falling prey to a social engineering attack.
May 9, 2024
Logistics Management
Cybersecurity
Third-Party Intelligence Helps Expose Supply Chain Threats
The platform extension offers vendor-specific security posture data.
May 9, 2024
Computer Crime Concept 516607038 2125x1416 (1)
Cybersecurity
Threat Report Shows Onslaught of DDoS Attacks
Hacktivist groups are increasing attack frequency and raising their level of aggression.
May 9, 2024
Ep94tn
Video
Security Breach: The Hacks!
In this episode, we dive into some of the most notorious attacks to hit manufacturing over the last six months.
May 9, 2024
Cybersecurity
Software
New Siemens Software Automatically Identifies Vulnerable Production Assets
The cybersecurity SaaS will be available for purchase in July 2024.
May 8, 2024
Manufacturing
Industry 4.0
Tech Trends to Watch in Manufacturing
AI is at the forefront.
May 7, 2024
General Cyberattack
Cybersecurity
CISA, FBI Release Secure by Design Alert
The two agencies are urging manufacturers to eliminate directory traversal vulnerabilities.
May 3, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
CISA Releases Latest ICS Advisories
Cisco, Siemens, Honeywell and Mitsubishi systems top the list.
May 3, 2024
Ep92tn
Cybersecurity
Security Breach: Predictions That Hit
A look back at Security Breach guest's most accurate and timely industrial cybersecurity predictions.
May 2, 2024
Andrew Witty, Chief Executive Officer of UnitedHealth Group, testifies at a Senate Finance Committee hearing examining cyber attacks on health care, and the Change Healthcare cyber attack, Wednesday, May 1, 2024, on Capitol Hill in Washington.
Cybersecurity
Change Healthcare Cyberattack Due to Lack of Multifactor Authentication
That's according to UnitedHealth CEO Andrew Witty.
May 1, 2024