Accessibility Statement Skip Navigation
  • Resources
  • Blog
  • Journalists
  • +44 (0)20 7454 5110
  • Client Login
  • Send a Release
Return to PR Newswire homepage
  • News
  • Products
  • Contact
When typing in this field, a list of search results will appear and be automatically updated as you type.

Searching for your content...

No results found. Please change your search terms and try again.
  • News in Focus
      • Browse News Releases

      • All Public Company News
      • All Multimedia News
      • View All News Releases

      • Regulatory News

      • D/A/CH Regulatory News
      • UK Regulatory News
      • View All Regulatory News

  • Business & Money
      • Auto & Transportation

      • Aerospace & Defense
      • Air Freight
      • Airlines & Aviation
      • Automotive
      • Maritime & Shipbuilding
      • Railroads & Intermodal Transportation
      • Supply Chain/Logistics
      • Transportation, Trucking & Railroad
      • Travel
      • Trucking & Road Transportation
      • View All Auto & Transportation

      • Business Technology

      • Blockchain
      • Broadcast Tech
      • Computer & Electronics
      • Computer Hardware
      • Computer Software
      • Data Analytics
      • Electronic Commerce
      • Electronic Components
      • Electronic Design Automation
      • Financial Technology
      • High Tech Security
      • Internet Technology
      • Nanotechnology
      • Networks
      • Peripherals
      • Semiconductors
      • View All Business Technology

      • Entertain­ment & Media

      • Advertising
      • Art
      • Books
      • Entertainment
      • Film & Motion Picture
      • Magazines
      • Music
      • Publishing & Information Services
      • Radio & Podcast
      • Television
      • View All Entertain­ment & Media

      • Financial Services & Investing

      • Accounting News & Issues
      • Acquisitions, Mergers & Takeovers
      • Banking & Financial Services
      • Bankruptcy
      • Bond & Stock Ratings
      • Conference Call Announcements
      • Contracts
      • Cryptocurrency
      • Dividends
      • Earnings
      • Earnings Forecasts & Projections
      • Financing Agreements
      • Insurance
      • Investments Opinions
      • Joint Ventures
      • Mutual Funds
      • Private Placement
      • Real Estate
      • Restructuring & Recapitalisation
      • Sales Reports
      • Shareholder Activism
      • Shareholder Meetings
      • Stock Offering
      • Stock Split
      • Venture Capital
      • View All Financial Services & Investing

      • General Business

      • Awards
      • Commercial Real Estate
      • Corporate Expansion
      • Earnings
      • Environmental, Social and Governance (ESG)
      • Human Resource & Workforce Management
      • Licensing
      • New Products & Services
      • Obituaries
      • Outsourcing Businesses
      • Overseas Real Estate (non-US)
      • Personnel Announcements
      • Real Estate Transactions
      • Residential Real Estate
      • Small Business Services
      • Socially Responsible Investing
      • Surveys, Polls & Research
      • Trade Show News
      • View All General Business

  • Science & Tech
      • Consumer Technology

      • Artificial Intelligence
      • Blockchain
      • Cloud Computing/Internet of Things
      • Computer Electronics
      • Computer Hardware
      • Computer Software
      • Consumer Electronics
      • Cryptocurrency
      • Data Analytics
      • Electronic Commerce
      • Electronic Gaming
      • Financial Technology
      • Mobile Entertainment
      • Multimedia & Internet
      • Peripherals
      • Social Media
      • STEM (Science, Tech, Engineering, Math)
      • Supply Chain/Logistics
      • Wireless Communications
      • View All Consumer Technology

      • Energy & Natural Resources

      • Alternative Energies
      • Chemical
      • Electrical Utilities
      • Gas
      • General Manufacturing
      • Mining
      • Mining & Metals
      • Oil & Energy
      • Oil & Gas Discoveries
      • Utilities
      • Water Utilities
      • View All Energy & Natural Resources

      • Environ­ment

      • Conservation & Recycling
      • Environmental Issues
      • Environmental Policy
      • Environmental Products & Services
      • Green Technology
      • Natural Disasters
      • View All Environ­ment

      • Heavy Industry & Manufacturing

      • Aerospace & Defence
      • Agriculture
      • Chemical
      • Construction & Building
      • General Manufacturing
      • HVAC (Heating, Ventilation & Air-Conditioning)
      • Machinery
      • Machine Tools, Metalworking & Metallurgy
      • Mining
      • Mining & Metals
      • Paper, Forest Products & Containers
      • Precious Metals
      • Textiles
      • Tobacco
      • View All Heavy Industry & Manufacturing

      • Telecomm­unications

      • Carriers & Services
      • Mobile Entertainment
      • Networks
      • Peripherals
      • Telecommunications Equipment
      • Telecommunications Industry
      • VoIP (Voice over Internet Protocol)
      • Wireless Communications
      • View All Telecomm­unications

  • Lifestyle & Health
      • Consumer Products & Retail

      • Animals & Pets
      • Beers, Wines & Spirits
      • Beverages
      • Bridal Services
      • Cannabis
      • Cosmetics & Personal Care
      • Fashion
      • Food & Beverages
      • Furniture & Furnishings
      • Home Improvement
      • Household, Consumer & Cosmetics
      • Household Products
      • Jewellery
      • Non-Alcoholic Beverages
      • Office Products
      • Organic Food
      • Product Recalls
      • Restaurants
      • Retail
      • Supermarkets
      • Toys
      • View All Consumer Products & Retail

      • Entertain­ment & Media

      • Advertising
      • Art
      • Books
      • Entertainment
      • Film & Motion Picture
      • Magazines
      • Music
      • Publishing & Information Services
      • Radio & Podcast
      • Television
      • View All Entertain­ment & Media

      • Health

      • Biometrics
      • Biotechnology
      • Clinical Trials & Medical Discoveries
      • Dentistry
      • FDA Approval
      • Fitness/Wellness
      • Health Care & Hospitals
      • Health Insurance
      • Infection Control
      • International Medical Approval
      • Medical Equipment
      • Medical Pharmaceuticals
      • Mental Health
      • Pharmaceuticals
      • Supplementary Medicine
      • View All Health

      • Sports

      • General Sports
      • Outdoors, Camping & Hiking
      • Sporting Events
      • Sports Equipment & Accessories
      • View All Sports

      • Travel

      • Amusement Parks & Tourist Attractions
      • Gambling & Casinos
      • Hotels & Resorts
      • Leisure & Tourism
      • Outdoors, Camping & Hiking
      • Passenger Aviation
      • Travel Industry
      • View All Travel

  • Policy & Public Interest
      • Policy & Public Interest

      • Animal Welfare
      • Corporate Social Responsibility
      • Economic News, Trends & Analysis
      • Education
      • Environmental
      • European Government
      • Labour & Union
      • Natural Disasters
      • Not For Profit
      • Public Safety
      • View All Policy & Public Interest

  • People & Culture
      • People & Culture

      • Aboriginal, First Nations & Native American
      • African American
      • Asian American
      • Children
      • Diversity, Equity & Inclusion
      • Hispanic
      • Lesbian, Gay & Bisexual
      • Men's Interest
      • People with Disabilities
      • Religion
      • Senior Citizens
      • Veterans
      • Women
      • View All People & Culture

  • Overview
  • Distribution
  • Paid Placement
  • Multimedia
  • Disclosure Services
  • SocialBoost
  • Rooms
    • MediaRoom
    • ESG Rooms
  • AI Tools
  • General Enquiries
  • Media Enquiries
  • Partnerships
  • Hamburger menu
  • Cision PR Newswire UK provides press release distribution, targeting, monitoring, and marketing services
  • Send a Release
    • Phone

    • +44 (0)20 7454 5110 from 8 AM - 5:30 PM GMT

    • ALL CONTACT INFO
    • Contact Us

      +44 (0)20 7454 5110
      from 8 AM - 5:30 PM GMT

  • Client Login
  • Send a Release
  • Resources
  • Blog
  • Journalists
  • News in Focus
    • Browse News Releases
    • Regulatory News
  • Business & Money
    • Auto & Transportation
    • Business Technology
    • Entertain­ment & Media
    • Financial Services & Investing
    • General Business
  • Science & Tech
    • Consumer Technology
    • Energy & Natural Resources
    • Environ­ment
    • Heavy Industry & Manufacturing
    • Telecomm­unications
  • Lifestyle & Health
    • Consumer Products & Retail
    • Entertain­ment & Media
    • Health
    • Sports
    • Travel
  • Policy & Public Interest
    • Policy & Public Interest
  • People & Culture
    • People & Culture
  • Client Login
  • Send a Release
  • Resources
  • Blog
  • Journalists
  • Overview
  • Distribution
  • Paid Placement
  • Multimedia
  • Disclosure Services
  • Cision Communications Cloud®
  • AI Tools
  • Client Login
  • Send a Release
  • Resources
  • Blog
  • Journalists
  • General Enquiries
  • Media Enquiries
  • Partnerships
  • Client Login
  • Send a Release
  • Resources
  • Blog
  • Journalists

Active Ransomware Threat Groups Up 30% in 2024

This image opens in the lightbox

News provided by

Secureworks, Inc.

08 Oct, 2024, 10:00 GMT

Share this article

Share toX

Share this article

Share toX

Secureworks annual State of The Threat Report outlines cybercriminals response as law enforcement operations successfully cause widespread disruption to ransomware operations

ATLANTA, Oct. 8, 2024 /PRNewswire/ -- Secureworks® (NASDAQ: SCWX) 2024 State of the Threat Report has revealed a 30% year-over-year rise in active ransomware groups, which demonstrates fragmentation of an established criminal ecosystem. 31 new groups entered the ransomware ecosystem during the last 12 months, and based on numbers of victims listed the three most active groups are:

  1. LockBit:The long established 'top dog' of ransomware groups accounted for 17% of listings, down 8% from last year, proving even further how the takedown has impacted their operations.
  2. PLAY: The second most active group, PLAY doubled its victim count year-over-year.
  3. RansomHub: A new group, emerging only a week after the LockBit takedown, is already the third most active group with 7% of the share of victims listed.

A landscape previously dominated by a few, is now home to a broader set of emerging ransomware players. As smaller groups look to become established, it means there is less repeatability and structure in how they operate and organizations need to continue to remain alert for a wider variety of tactics. This year's median dwell time of 28 hours reflects the newness of these partnerships. While some clusters of groups are executing fast 'smash-and-grab' attacks within hours, others spend hundreds of days in networks in the most extreme cases. As the new ecosystem continues to take shape, we can expect to see further variation and shifts in dwell times and methodology.

The annual State of the Threat Report examines the cybersecurity landscape from June 2023 to July 2024. Additional key findings include:

  • Law enforcement activity targeting GOLD MYSTIC (LockBit) and GOLD BLAZER (BlackCat/ALPV) caused significant disruption to the status quo of the ransomware operating landscape.
  • The number of active ransomware groups using "name and shame" leak sites grew 30% year-over-year.
  • Despite this growth in ransomware groups, victim numbers did not rise at the same pace, showing a significantly more fragmented landscape posing the question of how successful these new groups might be.
  • Scan-and-exploit and stolen credentials remain the two largest initial access vectors (IAV) observed in ransomware engagements based on our observations.
  • Observed increase in adversary-in-the-middle (AiTM) attacks – a notable and concerning trend for cyber defenders.
  • AI is growing in use and in variation for cybercriminals – expanding the scale and credibility of existing scams like CEO fraud or "obituary pirates."

Shifting Sands of Ransomware

"Ransomware is a business that is nothing without its affiliate model. In the last year, law enforcement activity has shattered old allegiances, reshaping the business of cybercrime. Originally chaotic in their response, threat actors have refined their business operations and how they work. The result is a larger number of groups, underpinned by substantial affiliate migration," said Don Smith, VP Threat Intelligence, Secureworks Counter Threat Unit™ (CTU™). "As the ecosystem evolves, we have entropy in threat groups, but also unpredictability in playbooks, adding significant complexity for network defenders."

AiTM and AI as Growing Threats

In the past year, threat actors are increasingly stealing credentials and session cookies to gain access by using AiTM attacks. This potentially reduces the effectiveness of some types of MFA, a worrying trend for network defenders. These attacks are facilitated and automated by phishing kits that are available for hire on underground marketplaces and Telegram. Popular kits include Evilginx2, EvilProxy and Tycoon2FA.

As AI tools have become widespread and readily available, it was inevitable that cybercriminals would take note as they look to scale. Since mid-February 2023, Secureworks CTU researchers have observed an increase in posts on underground forums about OpenAI ChatGPT and how it can be employed for nefarious purposes. Much of the discussion relates to relatively low-level activity including phishing attacks and basic script creation.

"The cybercrime landscape continues to evolve, sometimes minor, occasionally more significant. The growing use of AI lends scale to threat actors, however the increase of AiTM attacks presents a more immediate problem for enterprises, reinforcing that identity is the perimeter and should cause enterprises to take stock and reflect on their defensive posture," continued Smith.  

One novel example of AI being used by threat actors, as observed by Secureworks researchers, was the role it played in a fraud perpetrated by so-called obituary pirates. Threat actors monitored Google trends following a death to identify interest in obituaries and then used generative AI to create lengthy tributes on sites that were manipulated to the top of Google search results by SEO poisoning. They then directed users to other sites pushing adware or potentially unwanted programs.

State-Sponsored Threat Activity – A Summary

The report also examines the significant activities and trends in the behavior of state-sponsored threat groups belonging to China, Russia, Iran, and North Korea. This year, we are also including threat group activity from Hamas, which has seen a notable increase since the outbreak of the Israel-Hamas war, now spilling over into the public domain and our aperture. The primary drivers for these countries are geopolitical.

China:

Chinese cyber activity has continued to track with previous Secureworks observations. Their aims are broadly focused on information theft for political, economic, and military gain. Much of this activity targeted at industrial sectors that align with the high-level objectives of the Chinese Communist Party's (CCP) Five Year Plan. In October 2023, the heads of the US, UK, Australian, Canadian, and New Zealand security agencies warned of the "epic scale" of Chinese espionage. State-sponsored threat actors were not immune to the law enforcement activity. In March 2024, the US State Department unsealed indictments against seven named individuals all part of the BRONZE VINEWOOD threat group. The indictments contain details of an extensive campaign of intrusions committed by the group over more than a decade of malicious activity. In the same month, the UK government stated that China was responsible for two malicious campaigns against the UK Electoral Commission between 2021 and 2022. However, no information was released about the group responsible.

Iran:

Iranian internal and external cyber activity remained driven by its political imperatives. Internationally, Iran primarily focuses on Israel, regional adversaries including Saudi Arabia, United Arab Emirates and Kuwait, and the US. Iran makes regular use of fake hacktivist personas to target enemies, allowing itself plausible deniability. There are two primary Iranian sponsors of cyber activity: the Islamic Revolutionary Guard Corp (IRGC) and the Ministry of Intelligence and Security (MOIS).

North Korea:

North Korean threat actors continued their pursuit of revenue generation via cryptocurrency theft and sophisticated fraudulent employment schemes to gain access to Western jobs. They were persistent in targeting the IT sector and weaknesses in the supply chain. There was a major focus on entities in the US, South Korea, and Japan. These activities were set within the geopolitical context of an increased willingness on the part of North Korea to work with Russia and Iran, with the intent to foster relations with countries that are prepared to confront related, perceived enemies despite international sanctions.

Hamas:

Secureworks tracks three threat groups: ALUMINUM SHADYSIDE, ALUMINUM SARATOGA and ALUMINUM THORN considered to be aligned with Hamas, the militant group that governs the Gaza Strip. The outbreak of the Israel-Hamas war in October 2023 led to an uptick of cyber activity targeted at Israel and countries perceived to be aligned with them. However, much of that activity is thought to have been the work of hacktivist groups and personas masquerading as Palestinian but more likely linked to Iran or Russia.

Russia:

The war in Ukraine continues to drive Russian state-sponsored cyber activity, both in Ukraine and abroad. Groups associated with all three of Russia's intelligence agencies were active throughout the past year. CTU researchers assess that Russia's most aggressive use of cyber capabilities in sabotage operations will remain focused on critical infrastructure targets within Ukraine. One notable example of this kind of activity this year was IRON VIKING's cyber espionage attacks against battlefield control systems used by Ukrainian defense forces.

State of the Threat Report 2024

This 8th edition of Secureworks State of the Threat Report provides a concise analysis of how the global cybersecurity threat landscape has evolved over the last 12 months. The information within the report is drawn from the Secureworks CTU firsthand observations of threat actor tooling and behaviors and includes actual incidents. Our annual threat analysis provides a deep dive insight into the threats our team has observed on the front line of cybersecurity.

The Secureworks State of the Threat Report can be read in full here: https://www.secureworks.com/resources/rp-state-of-the-threat-2024 

About Secureworks

Secureworks (NASDAQ: SCWX) is a global cybersecurity leader that secures human progress with Secureworks® Taegis™, a SaaS-based, open XDR platform built on 20+ years of real-world detection data, security operations expertise, and threat intelligence and research. Taegis is embedded in the security operations of thousands of organizations around the world who use its advanced, AI-driven capabilities to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.

Connect with Secureworks via LinkedIn and Facebook or Read the Secureworks Blog

Logo - https://mma.prnewswire.com/media/1558509/Secureworks_V1_Logo.jpg

Modal title

Also from this source

Secureworks Announces Third Quarter Fiscal 2025 Results

Secureworks Announces Third Quarter Fiscal 2025 Results

Secureworks® (NASDAQ: SCWX), a global leader in cybersecurity, today announced financial results for its third quarter fiscal 2025, which ended on...

Secureworks to Report Third Quarter Fiscal 2025 Financial Results on December 4, 2024

Secureworks® (NASDAQ: SCWX) today announced that it plans to release its third quarter fiscal 2025 financial results on Wednesday, December 4, 2024,...

More Releases From This Source

Explore

Computer Software

Computer Software

Computer Software

Computer Software

Computer & Electronics

Computer & Electronics

High Tech Security

High Tech Security

News Releases in Similar Topics

Contact PR Newswire

  • +44 (0)20 7454 5110
    from 8 AM - 5:30 PM GMT
  • General Enquiries
  • Media Enquiries
  • Partnerships

Products

  • Content Distribution
  • Multimedia Services
  • Disclosure Services
  • Cision Communications Cloud®

About

  • About PR Newswire
  • About Cision
  • Partnering Opportunities
  • Careers
  • APAC
  • APAC - Simplified Chinese
  • APAC - Traditional Chinese
  • Brazil
  • Canada
  • Czech
  • Denmark
  • Finland
  • France
  • Germany
  • India
  • Indonesia
  • Israel
  • Japan
  • Korea
  • Mexico
  • Middle East
  • Middle East - Arabic
  • Netherlands
  • Norway
  • Poland
  • Portugal
  • Russia
  • Slovakia
  • Spain
  • Sweden
  • United States
  • Vietnam

My Services

  • All News Releases
  • Customer Portal
  • Resources
  • Blog
  • Journalists
  • Data Privacy

Do not sell or share my personal information:

  • Submit via Privacy@cision.com 
  • Call Privacy toll-free: 877-297-8921

Contact PR Newswire

Products

About

My Services
  • All News Releases
  • Customer Portal
  • Resources
  • Blog
  • Journalists
+44 (0)20 7454 5110
from 8 AM - 5:30 PM GMT
  • Terms of Use
  • Privacy Policy
  • Information Security Policy
  • Site Map
  • RSS
  • Cookie Settings
Copyright © 2025 PR Newswire Europe Limited. All Rights Reserved. A Cision company.