CASE STUDY
However, ransomware groups have expanded beyond technical innovations. They actively engage with the media to control the narrative surrounding their activities, courting journalists and providing press releases, FAQs and interviews to manipulate public perception. This calculated approach allows ransomware gangs to amplify their notoriety and exert pressure on victims, ultimately enhancing their profitability. This evolving trend presents a fresh set of challenges for cybersecurity defenders and incident responders who must incorporate effective communication strategies into their response plans to counter these cybercriminal tactics.
The threat landscape has also grown more complex due to ransomware groups’ willingness to collaborate. While these collaborations may not directly impact industrial sectors, they are a worrisome development. Notably, instances of collaboration among ransomware groups – such as BianLian, White Rabbit and Mario Ransomware – teaming up to target financial services firms underscore a concerning trend of cybercriminal networks working together for mutual gain. This growing cooperation poses potential risks to critical infrastructure and industrial sectors as cybercriminals continue to share tactics, techniques and potentially even vulnerabilities that could be leveraged in future attacks.
Ransomware operation impacts on industrial organisations
In the fourth quarter of 2023, Dragos’ assessment of increased business-impacting ransomware attacks against industrial organisations was validated, with incidents exhibiting more severe impacts when compared to earlier quarters. An example is the LockBit attack in October 2023 which exploited the Citrix Bleed vulnerability, targeting Boeing’s core operations in parts and distribution. Furthermore, the Qilin ransomware group’s November cyberattack on Yanfeng, a Chinese automotive parts company supplying interior components to global carmakers, disrupted operations to the extent that Stellantis had to halt production at its North American plants.
In addition, Dragos noticed other ransomware incidents that impacted the operations of multiple organisations, such as:
• Paris Wastewater Agency (SIAAP)
• American apparel company, VF Corporation
• The MPM Medical Supply company
Ransomware trends, patterns and observations
Dragos analyses ransomware variants used against industrial organisations worldwide and tracks ransomware information via public reports and information uploaded or appearing on dark websites. By their very nature, these sources report victims that were listed as targets and those that pay or otherwise ‘cooperate’ with the criminals, and they do not necessarily cover all incidents that took place in the last quarter.
Two interesting observations from the fourth quarter of 2023, compared to the previous quarters, were observable decreases in active ransomware groups and ransomware incidents impacting industrial organisations. Of the 77 ransomware groups that have historically attacked industrial organisations and infrastructure, only 32 were active in the last quarter and the number of ransomware incidents went from 231 to 204 over the same period. As of this time, Dragos is uncertain about the cause of this decrease in ransomware incidents between the third and fourth quarters of 2023.
Although the number of ransomware incidents and Dark Web postings in the fourth quarter of 2023 was slightly less than in the third quarter of 2023, the overall impact of these ransomware attacks against industrial organisations remains significant.
Regional impact observations, fourth quarter 2023:
• There were 87 ransomware incidents (roughly 43% of the observed 204 global ransomware attacks) that impacted industrial organisations and infrastructure in North America, compared to 91 incidents in the previous quarter. Within North America, the US received over 37% of all ransomware incidents, similar to last quarter.
• Approximately 32% of global ransomware incidents (67 in total) impacted Europe, roughly the same percentage as observed in Q3 2023.
• Asia is next with 14.4% or 30 incidents.
• South America had 4.4% totalling 9 incidents.
• The Middle East had 2.5% totalling five incidents.
• Africa and Australia had 3% totalling three incidents each.
Manufacturing was the most impacted industry during the fourth quarter of 2023 with 135 observed incidents in total or 66.1%. The breakdown by sector is as follows:
• The transportation sector was impacted 26 times, for a total of 12.7% of all observed incidents, which is a 50% increase compared to the previous sector.
• The industrial control systems (ICS) equipment and engineering sector had 11.7% of alleged attacks (24 incidents).
• The electric sector was impacted by 3.43% of the alleged attacks (seven incidents).
• The water and wastewater sector was the victim of 2.45% of alleged attacks (five incidents).
62 INTELLIGENTCIO APAC www.intelligentcio.com