Critical infrastructure in crosshairs as ransomware attacks soar

0
16


Ransomware attacks have surged to record levels since NCC Group began monitoring in 2021, with critical infrastructure in the crosshairs.

According to NCC Group’s latest December Threat Pulse, a total of 574 ransomware attacks were recorded last month—a slight increase from November’s 565 attacks and a dramatic rise from the 387 attacks recorded in December 2023.

Newly-identified extortion group named Funksec topped December’s leaderboard for ransomware activity, accounting for 103 attacks. The group’s rapid ascent is attributed to its capability to target multiple sectors across the globe.

Following Funksec, CL0P ranked as the second most active group with 68 attacks. Akira was in third place with 43 while a relatively new actor, RansomHub, was close behind with 41 attacks.

Regional and sectoral targets for ransomware attacks

North America remained the most targeted region globally, suffering 300 attacks (52% of the total). Although still leading the global tally, this represents a slight decrease from November’s figure of 326. Europe was the second most affected region, experiencing 100 attacks (18%).

Asia, however, saw a significant uptick in ransomware activity, rising from 58 recorded attacks in November to 92 in December. This brought its share of global attacks to 16%.

South America reported a more modest increase, with attacks climbing from 35 to 40. Africa also saw a slight rise in activity, recording 18 attacks in December.

The industrials sector continued to be the most targeted in December, logging 136 attacks—nearly a quarter of all recorded incidents globally. This trend reinforces concerns about the vulnerability of critical national infrastructure (CNI) to ransomware threats.

The consumer discretionary sector followed in second place with 107 recorded attacks, while the information technology sector claimed third with 78 attacks.

Black Basta targets BT

Perhaps the most prominent ransomware attack in December involved Black Basta’s alleged breach of telecoms giant BT. The group claimed to have exfiltrated 500GB of sensitive data in the attack, which underscores the increasing threat to critical national infrastructure.

While the operational impact on BT was reportedly limited, Black Basta’s evolved tactics – ranging from spear-phishing via Teams and Skype to the use of botnets like DarkGate and ZBot – demonstrate the growing sophistication of cybercriminal methods. The group is also known for employing double extortion techniques, further highlighting the evolving landscape of ransomware threats.

“The BT incident serves as a stark reminder of the risks posed to critical national infrastructure,” said NCC Group in its report. “Groups like Black Basta are advancing their operations at an alarming pace, emphasising the need for proactive measures to protect against these adaptable threats.”

More frequent and widespread ransomware attacks

December has historically been a quieter month for ransomware attacks, but this year’s record-breaking figures challenge that trend.

Ian Usher, Associate Director of Threat Intelligence Operations and Service Innovation at NCC Group, said: “December is usually a much quieter time for ransomware attacks, but last month saw the highest number of ransomware attacks on record, turning that pattern on its head.

“The rise of new and aggressive actors, like Funksec – who have been at the forefront of these attacks – is alarming and suggests a more turbulent threat landscape heading into 2025. If ransomware groups are becoming bolder and more advanced, we can expect more frequent and widespread attacks, putting every sector and region at risk.”

Usher urged organisations to reassess their cybersecurity protocols in light of the findings.

“The data should serve as a wake-up call. No organisation is immune, and the best defence is to stay ahead of the curve,” says Usher. “Companies need to double down on their cybersecurity measures and ensure that their teams are trained and prepared to evolve with the changing nature of ransomware threats.”

The record-breaking levels of ransomware attacks seen in late 2024 paint a concerning picture for the year ahead. The emergence of new threat actors, increasing sophistication of attack methods, and the targeting of critical infrastructure suggest that organisations must remain vigilant.

Strengthening cybersecurity measures, investing in advanced technologies, and prioritising employee training will be key defences in the continued fight against ransomware threats in 2025.

(Image by Vishnu Vijayan)

See also: Jen Easterly, CISA: Critical infrastructure threats are increasing

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with other leading events including Digital Transformation Week, IoT Tech Expo, Blockchain Expo, and AI & Big Data Expo.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: critical infrastructure, cyber security, cybersecurity, hacking, infosec, Networks, ransomware, Security, telecoms


👇Follow more 👇
👉 bdphone.com
👉 ultractivation.com
👉 trainingreferral.com
👉 shaplafood.com
👉 bangladeshi.help
👉 www.forexdhaka.com
👉 uncommunication.com
👉 ultra-sim.com
👉 forexdhaka.com
👉 ultrafxfund.com
👉 bdphoneonline.com
👉 dailyadvice.us

LEAVE A REPLY

Please enter your comment!
Please enter your name here