January 26, 2024 at 09:24AM
Recent research from Dragos shows that despite recent takedowns of top ransomware groups, remaining threat actors continue to evolve new tactics and capitalize on zero-day vulnerabilities to target industrial control systems (ICS). While the number of attacks has decreased, these groups are refining their techniques and increasing their media relations efforts, posing a significant threat.
Key takeaways from the meeting notes:
– Despite previous takedowns of top ransomware groups, remaining threat actors have continued to develop new techniques and exploit zero-day vulnerabilities, enabling them to cause more damage to industrial control systems (ICS) with fewer attacks.
– Dragos released its latest industrial ransomware analysis, indicating a more refined and potent landscape of attacks against ICS, despite recent high-profile busts of ransomware operators.
– There were fewer ransomware attacks impacting industrial systems during the analysis period, with 32 out of 77 known groups active and a decrease in the number of incidents from 231 to 204 in the fourth quarter of 2023.
– Ransomware groups like LockBit, BlackCat, Roya, and Akira have innovated by adding techniques such as remote encryption and are actively engaging with the media to shape public perception, ultimately enhancing their profitability.
– Ransomware groups are collaborating and sharing intelligence, posing potential risks to critical infrastructure and industrial sectors.
– Despite a decrease in the number of ransomware attacks, Dragos warns that these cybercriminals remain a dangerous threat, with the LockBit 3.0 group being the most active over the quarter.
– The ransomware threat landscape is expected to continue evolving, marked by the emergence of new ransomware variants and the continued use of zero-day vulnerabilities in their operational toolkit.