Intelligent CIO APAC Issue 46 | Page 61

CASE STUDY

Despite the relentless efforts of international law enforcement to combat ransomware, the battle persists, with the fourth quarter of 2023 showcasing a dynamic landscape marked by both a decline in reported incidents and a surge in innovative tactics. Abdulrahman H. Almari, Senior Threat Analyst at Dragos, sheds light on the 2023 OT Cybersecurity Year in Review report, which provides a panoramic view of the most significant cyber trends, threats and lessons learned during cybersecurity events of 2023. He discusses ransomware groups embracing techniques like remote encryption, increasing the likelihood of successful attacks, and engaging with the media to manipulate public perception.

Cyber battleground: Dragos' industrial ransomware analysis on the fight against ransomware

While international law enforcement's relentless efforts have resulted in arrests and the dismantling of ransomware operations, the battle against ransomware groups continues unabated. During the fourth quarter of 2023, we witnessed a slight decline in reported incidents yet saw a surge in actions that kept the ransomware threat landscape dynamic.

Ransomware groups consistently adapt by evolving their strategies, embracing new techniques and even reconfiguring or rebranding their operations to bolster their earnings and evade detection. Yet international law enforcement has achieved noticeable results in fighting ransomware operations, including arresting members of ransomware groups, an example being the arrest of a Ragnar Locker developer in Paris after dismantling their infrastructure.

Additionally, the US Justice Department, in collaboration with international agencies and with help from Germany, Denmark and Europol, disrupted the activities of the ALPHV ransomware group. The US Federal Bureau of Investigation (FBI) developed a decryption tool that aided over 500 victims, preventing approximately US$68 million in ransom payments. This operation is part of a broader initiative to combat major ransomware operations and apprehend key figures involved in global cyber disruptions.

As ransomware groups have consistently demonstrated their capacity to innovate and refine their methods, active groups such as LockBit, BlackCat, Royal and Akira adopted a new technique known as remote encryption or remote ransomware during the last quarter. This technique involves compromising an endpoint connected to the victim's network and using it to launch the ransomware attack within the victim's environment, thereby increasing the likelihood of a successful attack. As Dragos assessed with moderate confidence in last quarter's blog, ransomware groups continue to prioritise zero-day vulnerabilities in their operations. This strategic focus was evident in the actions of the LockBit ransomware group as it exploited a vulnerability known as 'Citrix Bleed' (CVE-2023-4966) during its attacks. LockBit leveraged this flaw to hijack authenticated sessions, gaining temporary access to various targets, including Boeing's parts and distribution business.
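The defensive consequence of remote encryption is that the file server being encrypted never runs a malicious process; the only trace it sees is one remote client renaming files across many shares over SMB. The following is an added example, not code from the article or from Dragos, that hunts for that pattern in file-server audit logs; the log format (timestamp, client IP, share, operation, path) and the sample lines are constructed for illustration, not a real product's schema.

```python
"""Flag 'remote encryption' activity in constructed file-server audit logs.

Signal: a single client IP appends the same new extension to files via
RENAME across several shares. Endpoint tooling on the server sees no
process, so the audit log is the place to look. Log format is a
constructed simplification: "ts client_ip share op path".
"""
from collections import defaultdict

# Constructed sample: one normal user (10.0.5.20) and one client
# (10.0.9.77) renaming files on three shares with a ".lckd" suffix.
SAMPLE_LOG = """\
2023-11-02T10:01:00 10.0.5.20 FINANCE WRITE /q3/budget.xlsx
2023-11-02T10:05:10 10.0.9.77 HR RENAME /staff/list.docx->/staff/list.docx.lckd
2023-11-02T10:05:11 10.0.9.77 HR RENAME /staff/pay.xlsx->/staff/pay.xlsx.lckd
2023-11-02T10:05:11 10.0.9.77 FINANCE RENAME /q3/budget.xlsx->/q3/budget.xlsx.lckd
2023-11-02T10:05:12 10.0.9.77 ENG RENAME /src/main.c->/src/main.c.lckd
2023-11-02T10:05:12 10.0.9.77 ENG RENAME /src/util.c->/src/util.c.lckd
2023-11-02T10:05:13 10.0.9.77 ENG WRITE /src/README_RESTORE.txt
"""

def parse(log_text):
    """Split each line into its five fields; paths contain no spaces here."""
    events = []
    for line in log_text.splitlines():
        ts, ip, share, op, path = line.split(" ", 4)
        events.append({"ts": ts, "ip": ip, "share": share, "op": op, "path": path})
    return events

def new_extension(path):
    """For a RENAME 'old->new', return the suffix appended to the old name."""
    if "->" not in path:
        return None
    old, new = path.split("->", 1)
    return new[len(old):] if new.startswith(old) and len(new) > len(old) else None

def find_remote_encryptors(events, min_renames=4, min_shares=2):
    """Return clients whose dominant appended extension spans several shares."""
    per_ip = defaultdict(lambda: {"shares": set(), "exts": defaultdict(int)})
    for e in events:
        ext = new_extension(e["path"]) if e["op"] == "RENAME" else None
        if ext is None:
            continue
        per_ip[e["ip"]]["shares"].add(e["share"])
        per_ip[e["ip"]]["exts"][ext] += 1
    hits = {}
    for ip, stats in per_ip.items():
        ext, count = max(stats["exts"].items(), key=lambda kv: kv[1])
        if count >= min_renames and len(stats["shares"]) >= min_shares:
            hits[ip] = {"extension": ext, "renames": count, "shares": sorted(stats["shares"])}
    return hits
```

Thresholds are deliberately conservative; in practice they should be tuned against the rename rate of legitimate bulk operations on the same shares.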
Abdulrahman H. Almari, Senior Threat Analyst, Dragos
www.intelligentcio.com | INTELLIGENTCIO APAC 61