Intelligent CIO APAC Issue 46 | Page 63

CASE STUDY
The oil and natural gas sector had 1.9% of alleged attacks (four incidents). The mining and government sectors had less than 1% of the global alleged attacks each.
In addition to the primary industries and sectors mentioned above, Dragos observed 22 unique manufacturing sub-sectors impacted by ransomware during the fourth quarter of 2023. The percentage breakdown as a part of all manufacturing incidents is as follows:
• Equipment: 20% (27 incidents)
• Consumer: 12% (16 incidents)
• Metals: 9% (12 incidents)
• Automotive: 8.1% (11 incidents)
• Food and beverage, Construction and Chemical: 8% (six incidents)
• Pharmaceuticals, Electronic and plastic: 4.4% (six incidents)
• Packaging and Healthcare: 3.7% (five incidents)
• Aerospace, Glass, Agriculture and Textile: 2.2% (three incidents)
• Rubber, Maritime, Paper, Recycling and Semiconductor: less than 1% (one incident)
Dragos' analysis of a large volume of ransomware data from the fourth quarter of 2023 indicates that the Lockbit 3.0 group was behind most attacks against industrial organisations, with 25.5% (or 52 incidents) of observed ransomware events. The BlackBasta ransomware was second with 10.3% (or 21 incidents). The following rounds out the observed ransomware group trends for the fourth quarter of 2023:
• AlphV was responsible for 6.8% of incidents (14 incidents)
• 8Base and Play: 6.3% each (13 incidents each)
• Losttrust was responsible for 5.4% of incidents (11 incidents)
• Noescape was responsible for 4.4% of incidents (9 incidents)
• Akira was responsible for 3.9% of incidents (eight incidents)
• Bianlian was responsible for 3.4% of incidents (seven incidents)
• Cactus, Inc Ransom, Qilin, Medusablog and Regroup: 2.4% each (five incidents each)
• Cl0p and Knight: 1.9% each (four incidents each)
• Meowleaks was responsible for 1.4% of incidents (three incidents)
• Lorenz, Metaencryptor, Money message, Rhysida, Snatch and Trigona: less than 1% each (two incidents each)
The remaining ransomware groups were responsible for 1% or less of incidents.
The groups that Dragos observed in the third quarter but not in the fourth quarter of 2023 are as follows:
• Cloak
• Ciphbit
• Rancoz
• Ransomed
• Mallox
• Everest
• Cuba
Dragos observed the following ransomware groups for the first time in the fourth quarter of 2023:
• Knight
• Meowleaks
• Threeam
• Losttrust
• Metaencryptor
• Moneymessage
It is still being determined whether these new groups are in fact new or if they are reformed or rebranded from other ransomware groups.
Final words
Looking forward, Dragos assesses with moderate confidence that the ransomware threat landscape will continue to evolve, marked by the emergence of new ransomware variants. These developments are expected as ransomware groups strive to refine their attack methodologies, likely keeping zero-day vulnerabilities as a key component in their operational toolkit.
Additionally, Dragos assesses with low confidence that ransomware groups may increasingly develop and deploy ransomware specifically designed to disrupt Operational Technology (OT) processes. This potential shift in focus towards OT processes could be driven by the continuous attempts of ransomware groups to exert greater pressure on victims to pay ransoms. By targeting critical OT processes, these groups could significantly amplify the impact of their attacks on industrial organisations. Such disruptions would not only affect operational capabilities but also compromise safety, thereby increasing the level of urgency and potentially compelling victims to meet ransom demands more readily.