Active Ransomware Threat Groups Up 30% in 2024

Core Insights
- The 2024 State of the Threat Report by Secureworks indicates a 30% year-over-year increase in active ransomware groups, highlighting a fragmented criminal ecosystem with 31 new groups emerging in the past year [1][3].

Ransomware Landscape
- The report identifies LockBit as the most active ransomware group, accounting for 17% of victim listings, a decrease of 8% from the previous year, indicating the impact of law enforcement actions [1][3].
- PLAY, the second most active group, doubled its victim count year-over-year, while RansomHub, a new entrant, has quickly become the third most active group with 7% of the victim share [1][3].
- The median dwell time for ransomware attacks is reported at 28 hours, reflecting the evolving tactics of these groups [2].

Cybersecurity Trends
- Law enforcement operations targeting groups like LockBit and BlackCat have significantly disrupted the ransomware landscape, leading to a 30% increase in active groups using "name and shame" leak sites [3].
- Despite the growth in ransomware groups, the number of victims has not increased at the same rate, suggesting a more fragmented and potentially less effective landscape for these new groups [3].
- Scan-and-exploit and stolen credentials remain the primary initial access vectors observed in ransomware engagements [3].

Emerging Threats
- There is a notable increase in adversary-in-the-middle (AiTM) attacks, which pose a significant concern for cybersecurity defenders [3][5].
- The use of AI tools by cybercriminals is on the rise, with discussions on underground forums about leveraging AI for phishing and other malicious activities [6][7].
- A novel example of AI usage includes "obituary pirates" who exploit trending topics to create fraudulent content that directs users to malicious sites [8].

State-Sponsored Threat Activity
- The report highlights significant activities from state-sponsored threat groups from China, Russia, Iran, North Korea, and Hamas, with geopolitical motives driving their actions [9].
- Chinese cyber activity continues to focus on information theft aligned with the objectives of the Chinese Communist Party, with recent indictments against members of the BRONZE VINEWOOD group [10].
- Iranian cyber operations are primarily politically motivated, targeting adversaries like Israel and the US, often using fake hacktivist personas for plausible deniability [11].
- North Korea's cyber activities focus on revenue generation through cryptocurrency theft and fraudulent employment schemes, particularly targeting the IT sector [12].
- The outbreak of the Israel-Hamas war has led to increased cyber activity from groups aligned with Hamas, primarily targeting Israel [13].
- Russian state-sponsored cyber activity remains aggressive, particularly in the context of the ongoing war in Ukraine, with a focus on critical infrastructure [14].

SecureWorks-Active Ransomware Threat Groups Up 30% in 2024 - Reportify