© 2025 TheOutpost.AI All rights reserved
Curated by THEOUTPOST
On Tue, 8 Oct, 4:06 PM UTC
2 Sources
[1]
Active Ransomware Threat Groups Up 30% in 2024
Secureworks' annual State of the Threat Report outlines cybercriminals' response as law enforcement operations successfully cause widespread disruption to ransomware operations.

ATLANTA, Oct. 8, 2024 /PRNewswire/ -- Secureworks' (NASDAQ: SCWX) 2024 State of the Threat Report has revealed a 30% year-over-year rise in active ransomware groups, which demonstrates fragmentation of an established criminal ecosystem. 31 new groups entered the ransomware ecosystem during the last 12 months, and based on the numbers of victims listed, the three most active groups are:

A landscape previously dominated by a few is now home to a broader set of emerging ransomware players. As smaller groups look to become established, there is less repeatability and structure in how they operate, and organizations need to remain alert for a wider variety of tactics. This year's median dwell time of 28 hours reflects the newness of these partnerships. While some clusters of groups execute fast 'smash-and-grab' attacks within hours, others spend hundreds of days in networks in the most extreme cases. As the new ecosystem continues to take shape, we can expect to see further variation and shifts in dwell times and methodology.

"Ransomware is a business that is nothing without its affiliate model. In the last year, law enforcement activity has shattered old allegiances, reshaping the business of cybercrime. Originally chaotic in their response, threat actors have refined their business operations and how they work. The result is a larger number of groups, underpinned by substantial affiliate migration," said Don Smith, VP Threat Intelligence, Secureworks Counter Threat Unit™ (CTU™). "As the ecosystem evolves, we have entropy in threat groups, but also unpredictability in playbooks, adding significant complexity for network defenders."

AiTM and AI as Growing Threats

In the past year, threat actors have increasingly stolen credentials and session cookies to gain access by using AiTM (adversary-in-the-middle) attacks. This potentially reduces the effectiveness of some types of MFA, a worrying trend for network defenders. These attacks are facilitated and automated by phishing kits that are available for hire on underground marketplaces and Telegram. Popular kits include Evilginx2, EvilProxy and Tycoon2FA.

As AI tools have become widespread and readily available, it was inevitable that cybercriminals would take note as they look to scale. Since mid-February 2023, Secureworks CTU researchers have observed an increase in posts on underground forums about OpenAI ChatGPT and how it can be employed for nefarious purposes. Much of the discussion relates to relatively low-level activity, including phishing attacks and basic script creation.

"The cybercrime landscape continues to evolve, sometimes minor, occasionally more significant. The growing use of AI lends scale to threat actors, however the increase of AiTM attacks presents a more immediate problem for enterprises, reinforcing that identity is the perimeter and should cause enterprises to take stock and reflect on their defensive posture," continued Smith.

One novel example of AI being used by threat actors, as observed by Secureworks researchers, was the role it played in a fraud perpetrated by so-called obituary pirates. Threat actors monitored Google Trends following a death to identify interest in obituaries and then used generative AI to create lengthy tributes on sites that were pushed to the top of Google search results by SEO poisoning. They then directed users to other sites pushing adware or potentially unwanted programs.

State-Sponsored Threat Activity - A Summary

The report also examines the significant activities and trends in the behavior of state-sponsored threat groups belonging to China, Russia, Iran, and North Korea. This year, we are also including threat group activity from Hamas, which has seen a notable increase since the outbreak of the Israel-Hamas war, now spilling over into the public domain and our aperture. The primary drivers for these countries are geopolitical.

China: Chinese cyber activity has continued to track with previous Secureworks observations. Their aims are broadly focused on information theft for political, economic, and military gain. Much of this activity is targeted at industrial sectors that align with the high-level objectives of the Chinese Communist Party's (CCP) Five Year Plan. In October 2023, the heads of the US, UK, Australian, Canadian, and New Zealand security agencies warned of the "epic scale" of Chinese espionage. State-sponsored threat actors were not immune to law enforcement activity. In March 2024, the US State Department unsealed indictments against seven named individuals, all part of the BRONZE VINEWOOD threat group. The indictments contain details of an extensive campaign of intrusions committed by the group over more than a decade of malicious activity. In the same month, the UK government stated that China was responsible for two malicious campaigns against the UK Electoral Commission between 2021 and 2022. However, no information was released about the group responsible.

Iran: Iranian internal and external cyber activity remained driven by its political imperatives. Internationally, Iran primarily focuses on Israel, regional adversaries including Saudi Arabia, the United Arab Emirates and Kuwait, and the US. Iran makes regular use of fake hacktivist personas to target enemies, allowing itself plausible deniability. There are two primary Iranian sponsors of cyber activity: the Islamic Revolutionary Guard Corps (IRGC) and the Ministry of Intelligence and Security (MOIS).

North Korea: North Korean threat actors continued their pursuit of revenue generation via cryptocurrency theft and sophisticated fraudulent employment schemes to gain access to Western jobs. They were persistent in targeting the IT sector and weaknesses in the supply chain. There was a major focus on entities in the US, South Korea, and Japan. These activities were set within the geopolitical context of an increased willingness on the part of North Korea to work with Russia and Iran, with the intent to foster relations with countries that are prepared to confront related, perceived enemies despite international sanctions.

Hamas: Secureworks tracks three threat groups, ALUMINUM SHADYSIDE, ALUMINUM SARATOGA and ALUMINUM THORN, considered to be aligned with Hamas, the militant group that governs the Gaza Strip. The outbreak of the Israel-Hamas war in October 2023 led to an uptick in cyber activity targeted at Israel and countries perceived to be aligned with it. However, much of that activity is thought to have been the work of hacktivist groups and personas masquerading as Palestinian but more likely linked to Iran or Russia.

Russia: The war in Ukraine continues to drive Russian state-sponsored cyber activity, both in Ukraine and abroad. Groups associated with all three of Russia's intelligence agencies were active throughout the past year. CTU researchers assess that Russia's most aggressive use of cyber capabilities in sabotage operations will remain focused on critical infrastructure targets within Ukraine. One notable example of this kind of activity this year was IRON VIKING's cyber espionage attacks against battlefield control systems used by Ukrainian defense forces.

State of the Threat Report 2024

This 8th edition of the Secureworks State of the Threat Report provides a concise analysis of how the global cybersecurity threat landscape has evolved over the last 12 months. The information within the report is drawn from the Secureworks CTU's firsthand observations of threat actor tooling and behaviors and includes actual incidents. Our annual threat analysis provides deep-dive insight into the threats our team has observed on the front line of cybersecurity. The Secureworks State of the Threat Report can be read in full here: https://www.secureworks.com/resources/rp-state-of-the-threat-2024

About Secureworks

Secureworks (NASDAQ: SCWX) is a global cybersecurity leader that secures human progress with Secureworks Taegis™, a SaaS-based, open XDR platform built on 20+ years of real-world detection data, security operations expertise, and threat intelligence and research. Taegis is embedded in the security operations of thousands of organizations around the world, who use its advanced, AI-driven capabilities to detect advanced threats, streamline and collaborate on investigations, and automate the right actions. Connect with Secureworks via LinkedIn and Facebook or read the Secureworks Blog.

Original press release: https://www.prnewswire.com/news-releases/active-ransomware-threat-groups-up-30-in-2024-302267728.html
[2]
Active Ransomware Threat Groups Up 30% in 2024 By Investing.com
Secureworks' 2024 State of the Threat Report reveals a significant rise in ransomware groups, changes in attack strategies, and the increasing use of AI in cybercrime, highlighting new challenges for cybersecurity.
Secureworks' 2024 State of the Threat Report has unveiled a significant shift in the ransomware ecosystem. The report indicates a 30% year-over-year increase in active ransomware groups, with 31 new entities entering the scene in the past 12 months [1][2]. This surge reflects a fragmentation of the established criminal ecosystem, largely attributed to successful law enforcement operations that have disrupted major ransomware operations.
The ransomware landscape, once dominated by a few major players, now hosts a broader array of emerging groups. This diversification has led to less predictability in attack methodologies, presenting new challenges for organizations. The median dwell time for attacks has been recorded at 28 hours, though there's considerable variation, with some groups executing rapid "smash-and-grab" attacks while others maintain prolonged network presence [1].
Don Smith, VP Threat Intelligence at Secureworks Counter Threat Unit™ (CTU™), emphasized the evolving nature of the ransomware business model: "Ransomware is a business that is nothing without its affiliate model. In the last year, law enforcement activity has shattered old allegiances, reshaping the business of cybercrime" [1].
The report highlights two significant technological trends in cybercrime:
AiTM (Adversary-in-the-Middle) Attacks: Threat actors are increasingly using AiTM attacks to steal credentials and session cookies, potentially undermining multi-factor authentication (MFA) systems. These attacks are facilitated by phishing kits available on underground marketplaces and platforms like Telegram [1][2].
Artificial Intelligence in Cybercrime: Since mid-February 2023, there has been a notable increase in discussions about leveraging AI tools like OpenAI's ChatGPT for malicious purposes on underground forums. While much of this activity focuses on low-level tasks such as phishing and basic script creation, more sophisticated applications are emerging [1][2].
One innovative example of AI use in cybercrime involves "obituary pirates." These threat actors monitor Google Trends following deaths, use generative AI to create lengthy tributes, and manipulate search results through SEO poisoning. This tactic directs users to sites containing adware or potentially unwanted programs [1][2].
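The AiTM trend above matters to defenders because a phishing proxy relays the victim's real MFA exchange and then walks away with the resulting session cookie, so the cookie ends up being used by a client that is not the one it was issued to. The following is an added example, not code from the Secureworks report or from this page: a small detection heuristic that reads constructed sign-in and activity log lines, remembers which client (IP and user agent) each session was issued to at MFA success, and flags later uses of that session from a different client. The log format, field names, event names and sample entries are all assumptions constructed for this example; a real deployment would map them onto the identity provider's own sign-in and audit logs.

```python
"""Added example (not from the Secureworks report or this page): flag session
cookies that are used from a client other than the one they were issued to,
a common symptom of AiTM cookie theft. Log format and field names are
assumptions made for this example."""

from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

# Constructed sample log: "timestamp,event,user,session_id,ip,user_agent".
# sess-a1 is issued to one browser and 3 minutes later used by a different
# tool from a different address; sess-b7 stays on the issuing client.
SAMPLE_LOG = """\
2024-10-08T09:00:00Z,login_mfa_ok,alice,sess-a1,203.0.113.10,Mozilla/5.0 (Windows NT 10.0) Chrome/128
2024-10-08T09:00:45Z,api_call,alice,sess-a1,203.0.113.10,Mozilla/5.0 (Windows NT 10.0) Chrome/128
2024-10-08T09:03:12Z,api_call,alice,sess-a1,198.51.100.77,python-requests/2.32
2024-10-08T09:10:00Z,login_mfa_ok,bob,sess-b7,192.0.2.44,Mozilla/5.0 (Macintosh) Safari/17
2024-10-08T13:30:00Z,api_call,bob,sess-b7,192.0.2.44,Mozilla/5.0 (Macintosh) Safari/17
"""


@dataclass
class Event:
    ts: datetime
    event: str
    user: str
    session_id: str
    ip: str
    user_agent: str


@dataclass
class Alert:
    user: str
    session_id: str
    issued_ip: str
    used_ip: str
    issued_ua: str
    used_ua: str
    seconds_after_login: float
    severity: str  # "high" when the user agent also changed (cookie replayed into a different tool)


def parse_log(text: str) -> List[Event]:
    """Parse the constructed CSV-style log into Event records."""
    events: List[Event] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, user, sid, ip, ua = line.split(",", 5)
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), event, user, sid, ip, ua))
    return events


def detect_session_hijack(events: List[Event]) -> List[Alert]:
    """Return one alert per activity event whose session is used from a client
    (IP or user agent) different from the one that completed MFA."""
    issued: Dict[str, Event] = {}  # session_id -> the MFA-success event that issued it
    alerts: List[Alert] = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.event == "login_mfa_ok":
            issued[ev.session_id] = ev
            continue
        origin = issued.get(ev.session_id)
        if origin is None:
            continue  # issuance not in this log slice; out of scope for the heuristic
        ip_changed = ev.ip != origin.ip
        ua_changed = ev.user_agent != origin.user_agent
        if ip_changed or ua_changed:
            alerts.append(Alert(
                user=ev.user,
                session_id=ev.session_id,
                issued_ip=origin.ip,
                used_ip=ev.ip,
                issued_ua=origin.user_agent,
                used_ua=ev.user_agent,
                seconds_after_login=(ev.ts - origin.ts).total_seconds(),
                severity="high" if ua_changed else "medium",
            ))
    return alerts


if __name__ == "__main__":
    for a in detect_session_hijack(parse_log(SAMPLE_LOG)):
        print(f"[{a.severity}] {a.user} session {a.session_id}: issued to {a.issued_ip} "
              f"({a.issued_ua}), used from {a.used_ip} ({a.used_ua}) "
              f"{a.seconds_after_login:.0f}s after login")
```

Client changes also happen legitimately (mobile networks, VPN roaming), so the IP-only case is scored lower than a change of user agent, and in practice this signal is paired with the mitigation the report points at: phishing-resistant MFA (for example FIDO2/WebAuthn, whose origin binding prevents a proxy from completing the authentication at all) and short-lived, device-bound session tokens, so a stolen cookie is worth less to begin with.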
The report also provides insights into state-sponsored cyber activities:
China: Continues to focus on information theft for political, economic, and military gain, aligning with the Chinese Communist Party's Five Year Plan objectives [1][2].
Iran: Primarily targets Israel, regional adversaries, and the US, often using fake hacktivist personas for plausible deniability [1].
North Korea: Pursues revenue generation through cryptocurrency theft and sophisticated fraudulent employment schemes, targeting the IT sector and supply chain weaknesses [2].
Hamas: Three threat groups associated with Hamas have been identified, marking an increase in activity since the outbreak of the Israel-Hamas conflict [2].
The evolving landscape of ransomware and the increasing role of AI in cybercrime present significant challenges for network defenders. Organizations must adapt to a wider variety of tactics and remain vigilant against an expanding array of threat actors. The rise of AiTM attacks particularly underscores the need for robust identity protection measures beyond traditional MFA systems [1][2].
Reference
[1]
[2]