Dragos recently released its Q1 2024 ransomware report, which offers some cautiously optimistic findings:
- While ransomware remains the most widespread cybersecurity threat impacting industrial organizations, research from this past quarter shows a decline in activities targeting the industrial sector. Of the 77 ransomware groups known for their industrial attacks, only 22 were active.
- There were no significant operational disruptions caused by ransomware in the first quarter of 2024.
- Dragos attributes this drop in ransomware activity to two factors:
- Coordinated law enforcement missions focused on RaaS groups. This includes the recent actions taken against Lockbit, perhaps the most dangerous ransomware group for the industrial sector. This group, however, was still responsible for 26 percent of all ransomware attacks in the first quarter. Additionally, the Alphv/Blackcat group initiated a self-decommission of its infrastructure after stealing millions from an affiliate.
- Many of the most notorious RaaS groups have shifted their focus to the healthcare sector.
- The transportation sector represented 14.7 percent of all observed incidents.
- Industrial control systems (ICS) registered 12.4 percent of attacks.
- Oil and natural gas accounted for 4.3 percent, which is double the number of the incidents of the previous quarter.
- The water and wastewater sector was the victim of 1.7 percent of attacks.
- In addition to the primary industries and sectors mentioned above, Dragos observed 21 unique manufacturing subsectors impacted by ransomware during the first quarter of 2024, including Food and Beverage, Packaging, Chemicals, Pharmaceuticals and Aerospace.
Dragos also cited recommendations from the SANS Institute, and their five critical controls to ensure world-class ICS and OT cybersecurity:
- An ICS-focused incident response plan.
- A defensible architecture.
- OT network visibility and monitoring.
- Secure remote access.
- Risk-based vulnerability management.
To read more about the report and Dragos analysis of the findings, click here.