Cyber Security
Black Kite Research Reveals Growing Persistence, Sophistication And Aggression Within Cybercrime Ecosystem
By GlobeNewswire
Share
Black Kite Research & Intelligence Team (BRITE) analysis of nearly 4,900 ransomware attacks sheds light on the evolving tactics of cybercriminals, their operations and the profound impact on victims worldwide
BOSTON, April 30, 2024 (GLOBE NEWSWIRE) -- Black Kite, the leader in third-party cyber risk intelligence, today published its annual report, based on primary research, State of Ransomware 2024: A Year of Surges and Shuffling, which reveals the increased persistence, sophistication and aggression within ransomware groups. According to the Black Kite Research & Intelligence Team (BRITE), there were a staggering 4,893 reported ransomware attacks from April 2023 through March 2024 — an 81% year-over-year increase. The United States was the most targeted country in the world. In fact, during this time, there were nearly as many attacks in the U.S. alone (approx. 2300) as there were globally in all of 2023 during the corresponding period.
The research by Black Kite’s BRITE group offers an unprecedented deep dive into the sophistication and interconnectedness of the ransomware ecosystem, breaking down the corporate-like structure of these cybercrime actors. The report — which offers analysis of more than 130 ransomware groups, their activities and their victims over a one-year period — sheds light on cybercriminals’ evolving tactics, their operations and the profound impact ransomware attacks have on victims worldwide.
“We are seeing an unrelenting surge in ransomware attacks in a world where cyber adversaries function like shadow enterprises. The sophistication of these groups rivals that of any Silicon Valley tech startup,” said Ferhat Dikbiyik, chief research and intelligence officer, Black Kite. “Law enforcement’s dismantling of notorious groups like AlphV has not discouraged operations. It merely caused them to refocus and realign, and in some cases join forces with other affiliated groups. This shift underscores the volatility within these illicit networks while highlighting the critical cybersecurity challenges organizations around the world face every day in threat detection and mitigation.”
Ransomware as a business and its emerging leaders
The report provides insight into talent acquisition and revenue structures — with operators typically retaining 20-30% and affiliates taking the lion’s share of revenue. The report discusses the rise and fall of established players like LockBit and how data supports a dynamic, thriving industry with multi-affiliate collaboration and bidding wars for affiliates. Emerging groups, such as Akira and 8base, are quickly climbing in power and authority. The Black Kitre report reveals that 9 of the top 15 most active groups are new entrants to the market.
Data indicates not just escalation but also acceleration of attacks, signaling the evolution and increasing aggressiveness of ransomware players. More than 100 companies were victimized by two groups and several were victimized by three groups. These attacks are happening in quicker succession — sometimes with mere days between attacks — indicating the ransomware groups are monitoring other groups’ activity so they can strike while a victim is still weak. Data also indicates that ransomware affiliates may work with multiple RaaS providers, leading to multiple payloads from different groups in a single environment.
Evolving ransomware victim profiles
The report offers a detailed analysis of victims and cybercriminals’ approaches to profiling and targeting. While previous years saw a focus on resource-rich organizations, ransomware groups are more frequently targeting organizations that offer critical human services and smaller companies with revenue under $20 million (nearly 1200 victims). As an example, healthcare jumped to the third most targeted industry with 273 victims. This is a startling number considering the profound impact caused by ransomware-related business disruptions and theft of patient health information (PHI), as evidenced by recent news of the $1.6 billion hit to United Health in the wake of the Change Healthcare attack. Notably, while 82 victims were hospitals, the rest were smaller physicians’ practices and medical officers, which often lacked robust cybersecurity defenses. However, manufacturing still leads with 1,016 victims, indicating the targeting of industries that are foundational to national economies.
Finally, the report takes a close look at cyber predator behavior and victim risk profiles. With a record number of vulnerabilities, zero day exploits were the top tactic of choice for many groups with credential stuffing following as the second most used strategy. More than 3,000 victims had at least one leaked credential in the 90 days prior to a ransomware attack. BRITE also leveraged Black Kite’s Ransomware Susceptibility Index® (RSI™) to evaluate victims’ risk posture prior to attacks and found that companies with an RSI score above .8 are 27 times more likely to experience a ransomware attack.
Through BRITE Black Kite actively monitors more than 130 ransomware groups, 67 of which published at least one victim in the time period analyzed. During this study, the team analyzed the attacks and victims by tracking their cybersecurity posture in the victims before and after the ransomware attack on the Black Kite platform. The team also monitors dark web blogs, hacker forums, and Telegram channels to track the evolving tactics and narratives of the ransomware groups in real time. The analysis is incorporated into the “State of Ransomware 2024,” report, along with tips for improving cyber risk and security posture. Ultimately, the report aims to empower organizations with the knowledge and insights needed to bolster their cybersecurity defenses and mitigate the risk of falling victim to ransomware extortion.
Download the report from Black Kite and learn more about ransomware risk.
About Black Kite
Black Kite gives companies a comprehensive, real-time view into cyber third-party risk so they can make informed and proactive risk decisions that help avoid business disruption, building resilience within their supply chain. With one-of-a-kind collaboration capabilities, companies can work directly with their vendors to report, mitigate, and minimize risk, improving their own business resilience as well as their vendors’ organizations.
Through an automated process, and a combination of threat, business, and risk information, Black Kite provides cyber risk detection and response capabilities that are accurate, fast, and transparent.
Black Kite serves more than 2,000+ customers in a wide range of industries and has received numerous industry awards celebrating the company’s vision, TPRM leadership and innovation as well as recognition from customers.
Learn more at www.blackkite.com, and on the Black Kite blog.
Copyright © 2024 Black Kite, Inc. All rights reserved. All other brand names, product names, or trademarks belong to their respective holders.
Media Contact:
Geena Pickering
Look Left Marketing
blackkite@lookleftmarketing.com
First published on Tue, Apr 30, 2024
Enjoyed what you've read so far? Great news - there's more to explore!
Stay up to date with the latest news, a vast collection of tech articles including introductory guides, product reviews, trends and more, thought-provoking interviews, hottest AI blogs and entertaining tech memes.
Plus, get access to branded insights such as informative white papers, intriguing case studies, in-depth reports, enlightening videos and exciting events and webinars from industry-leading global brands.
Dive into TechDogs' treasure trove today and Know Your World of technology!
Disclaimer - Reference to any specific product, software or entity does not constitute an endorsement or recommendation by TechDogs nor should any data or content published be relied upon. The views expressed by TechDogs' members and guests are their own and their appearance on our site does not imply an endorsement of them or any entity they represent. Views and opinions expressed by TechDogs' Authors are those of the Authors and do not necessarily reflect the view of TechDogs or any of its officials. All information / content found on TechDogs' site may not necessarily be reviewed by individuals with the expertise to validate its completeness, accuracy and reliability.
Tags:
Related Content on Cyber Security
Related News on Cyber Security
Trellix Launches Xtend Global Channel Partner Program
Wed, Feb 8, 2023
By Business Wire
Kaspersky Exits US, Forcibly Switches Users To UltraAV
Wed, Sep 25, 2024
By TD NewsDesk
ExtraHop Presents Ratiodata With Gold Partner Status
Wed, May 10, 2023
By Business Wire
Seraphic Security Named As A 2023 SC Awards Finalist
Tue, May 23, 2023
By Business Wire
Related Events & Webinars on Cyber Security
Trending GlobeNewswire
Introducing Azure Managed Redis, A Fully-Managed Redis Offering For Microsoft Azure
By GlobeNewswire
Paperclip And Apeiron Gate Partner To Enhance Medical Summary Delivery
By GlobeNewswire
Toobit Unveils An All-New "A Bit More Than Crypto" Homepage & Exciting Features
By GlobeNewswire
Aitxs RAD To Announce Potentially Revolutionary AI-Based Security Innovation
By GlobeNewswire
OKX Launches Instant, Zero-Fee SGD Deposits And Withdrawals For Singapore Customers
By GlobeNewswire
Join Our Newsletter
Get weekly news, engaging articles, and career tips-all free!
By subscribing to our newsletter, you're cool with our terms and conditions and agree to our Privacy Policy.
Join The Discussion