The ransomware wave of 2024, fueled by law enforcement hacks at giants like LockBit, has shifted to focus on critical operations, with major attacks this year hitting targets like Halliburton, TfL, and the Arkansas water agency.
Dragos’ research for the third quarter of 2024 highlighted an increase in activity from new groups such as RansomHub, Play, and Fog, all of which exploit VPN flaws and stolen credentials to gain access to critical systems using living-of-the- land (LOTL) strategies.
“From traditional financial extortion to active destruction, especially by hacktivists, the vulnerability of ransomware is compounded,” Dragos said in the report. “This confluence of motives further blurs the line between cybercrime and cyberwarfare, requiring improved defenses of ICS and OT environments.”
Source link