Saltar a la navegación Saltar al contenido principal Ir al pie de página

NCC Group Monthly Threat Pulse - January 2024

20 febrero 2024

2024 marks the most active January for ransomware attacks in three years.

  • Total ransomware cases in January 2024 fell by 27% from December.
  • 8base (10%) and Akira (9%) climb the ladder towards most prominent threat actor.
  • Industrials (34%), Consumer Cyclicals (16%), and Technology (10%) were the most targeted sectors.
  • North America and Europe were targets for 86% of all cases.

 

February 2024 - In January 2024, global levels of ransomware attacks fell by 27% from December, with a total of 285 cases compared to 391 in the previous month, according to NCC Group's December Threat Pulse.

However, year-on-year ransomware attacks in January continue to rise. Data from January 2024 shows that levels of ransomware attacks were up 73% from 2023 and 138% from 2022, marking a steep upward trajectory of attack volume over the last three years.

8base and Akira climb the ladder toward the most prominent threat actor.

While Lockbit was responsible for 64 cases (22%), maintaining its position as the most prominent threat actor, 8Base (10%) and Akira (9%) climbed from fourth and eighth to second and third, respectively. This marks a notable increase from December.

Black Basta, BianLian, and Medusa are in fifth, sixth, and eighth positions with 19 cases (7%), 17 cases (6%), and 13 cases (5%), respectively. However, none of these groups were part of the top ten in December, marking a significant reshuffle of key players.

Attack numbers continue to fall across every region.

Unsurprisingly, North America and Europe remain the two most targeted regions in January, with 86% of global attacks between them. North America experienced 59% (169) of all attacks, down 15% from 199 in January. With 75 attacks in January, Europe saw a 34% decrease.

Asia is the third most targeted region for ransomware in January. The scale of the attacks the region observes, however, pales in comparison to Europe and North America. Asia suffered only 22 total attacks, down 41% from December's 47 attacks, representing under 8% of the global total.

Industrials dominate sector attacks.

January's top 4 sectors attracting ransomware attacks replicate those from December 2023, with Industrials dominating the landscape accounting for 34% (96) of the 285 attacks seen this month.

Consumer Cyclicals came in significantly lower in the second spot, with 16% (46); Technology is in third place with 10% (28), and Healthcare retained fourth position with 8% (24) of all attacks in January.

It is worth noting that this year the Industrials sector has started with a significantly higher volume of attacks (96), representing a 96% uplift year on year.

January's stats show that a whole range of sectors were vulnerable to attacks. Outside the top 4, Consumer Non-Cyclicals and Basic Materials rose significantly to 5th and 6th place, respectively.

Spotlight – Hydradynamics

Despite malware family Hydra's notable activity last month, January showed activity indicators going down. The numbers show only one "hydra head" as active, albeit persistently so, namely, an ongoing campaign targeting financial institutions in the DACH region.

Matt Hull, Global Head of Threat Intelligence at NCC Group, said:

"While the overall number of attacks has decreased compared to December 2023, it's essential to consider the historical context, as January tends to be a 'quieter' month. However, this is by no means an indicator of a 'quieter' year. We've already seen an incredibly active start to 2024 by threat groups, the most significant in three years.

The ransomware threat landscape remains dynamic, and ransomware attacks continue to evolve, with new tactics emerging and the potential impact of AI looming on the horizon."

Notes to editors-

About NCC Group:

NCC Group is a people-powered, tech-enabled global cyber security and software escrow business.

Driven by a collective purpose to create a more secure digital future, c2,000 colleagues across Europe, North America, and Asia Pacific harness their collective insight, intelligence, and innovation to deliver cyber resilience for over 14,000 clients across the public and private sectors.

With decades of experience and a rich heritage, NCC Group is committed to developing sustainable solutions that continue to meet clients' current and future cyber security challenges.

Monthly Cyber Threat Intelligence Webinar

Our team of experts keep a constant watch over the cyber and geopolitical landscape, so you don’t have to. Our monthly webinars give you further insight and exclusive access to what's happening now.

Join our Global Head of Threat Intelligence, Matt Hull, each month: