Select Page

Two topics dominated my inbox this year. AI, of course, was one. Everything cybersecurity was the other. Mostly the various cybersecurity suppliers released a variety of reports and surveys. This  report comes from Dragos—the OT Cyber Threat Intelligence Report. I’ll be highlighting a few important notes from the blog post by Abdulrahman H. Alamri.

The third quarter (July – September) of 2024 brought transformative shifts to the ransomware landscape, emphasizing its dynamic and continuously evolving nature. The ransomware threat ecosystem remained highly active in the third quarter, fueled by new groups, rebranding of existing entities, expansion of initial access broker operations, and proliferation of illicitly traded tools. Ransomware operators increasingly demonstrated their ability to pivot in response to disruptions during the third quarter, leveraging technological advancements and strategic realignments to maintain their operations.  

This period witnessed a critical shift as dominant groups like LockBit faced significant setbacks due to coordinated international law enforcement actions, including Operation Cronos, which dismantled key infrastructure elements of LockBit. This led to a decline in their activities and forced affiliates such as Velvet Tempest to transition to other groups, including RansomHub.  

Concurrently, the ransomware-as-a-service (RaaS) model continued to mature, with an expanded reliance on Initial Access Brokers (IABs) that exploit vulnerabilities, misconfigurations, and stolen credentials that facilitated  entry into targeted environments. These brokers acted as force multipliers, enabling ransomware groups to scale their operations by focusing on payload deployment and extortion strategies. In general, this industrialization of ransomware has continuously lowered the barriers to entry for new actors, fostering a competitive and dynamic threat environment, and the third quarter of 2024 was no different.  

Adding to this complexity, escalations in geopolitical tensions during the third quarter introduced a new dimension to ransomware threats. Specifically, conflicts in the Middle East and Eastern Europe spurred a rise in hacktivist personas employing ransomware to disrupt industrial operations. Unlike traditional financially motivated ransomware campaigns, these actors appear to prioritize operational sabotage, posing a distinct and potentially catastrophic risk to critical infrastructure.  

There is a significant amount of information on the post. If this is your area of concern, you can check it out here.

Share This

Follow this blog

Get a weekly email of all new posts.