Ransomware threats, which block access to data and then demand a ransom, have become more common in recent years, and according to IT security specialists Bitdefender, the forecast for 2024 is that ransomware will persist and reach a stage of maturity.

Photo: Sebastian Germak, Dreamstime.com

While cybercriminals used to create cyberthreats for fun or to create chaos, today they are motivated by financial gain and the ability to turn attacks into a steady income.

Here are Bitdefender researchers’ predictions for the evolution of ransomware in 2024:

1. Ransomware opportunities through zero-day exploits are growing

In 2024, ransomware actors will remain opportunistic and act immediately when new vulnerabilities are discovered. As companies take steps to prioritize remediation and rapid response, better-resourced groups will begin to invest in undetected (zero-day) software vulnerabilities. Ransomware threat groups will continue to target software used in companies whose traditional service cycles create better opportunities for attackers. Such companies typically take a more conservative approach, rolling out patches in stages, as opposed to fully automated mechanisms that push application updates to end users.

2. The process of identification and sorting of victims has been simplified

After hundreds or thousands of networks have been automatically compromised, a manual triage process follows. Selection is key in determining potential ransom payouts, taking into account factors such as industry or company size. Manufacturing is the sector most affected by ransomware, while the medical sector and legal firms remain more vulnerable to data theft. Game studios should be on their toes, as attacks on them are likely to increase in 2024. Small and medium-sized businesses with limited capacity to pay the ransom serve as a springboard for launching attacks against other companies, often via VPN / VDI connections or by compromising official email addresses. In this scenario, the most valuable thing for attackers is not what the organization has, but who it knows. Exploitation of a vulnerability can compromise a company through its supply chain and various suppliers, even though some of them do not directly use the affected application.

3. The ransomware code is being modernized

Ransomware developers continue to adopt Rust as their primary programming language, which allows them to develop more secure code that is harder for security researchers to analyze. Instead of full file encryption, ransomware prefers intermittent encryption and is gradually moving to post-quantum encryption such as NTRU encryption.

Intermittent encryption involves encrypting only part of a file and offers two important advantages: first, it becomes more difficult for a security solution to detect an attack because of the statistical similarity between a partially encrypted file and the original file, and second, the encryption process is faster, allowing attackers to encrypt more files in a given period of time.
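The statistical similarity described above can be seen from the defender's side in the following added example, which is not from Bitdefender or the original article: a whole-file entropy check misses a partially overwritten file, while a per-chunk scan flags it. The 4096-byte chunk size, the 7.5 bits/byte threshold, the function names and the sample data are assumptions made for the illustration.

```python
import hashlib
import math
from collections import Counter

CHUNK = 4096   # scan granularity in bytes (assumption)
HIGH = 7.5     # bits/byte; ciphertext and compressed data sit near 8.0 (assumption)

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def high_entropy_chunks(data: bytes, chunk: int = CHUNK, high: float = HIGH) -> list[int]:
    """Indices of chunks whose own entropy exceeds the threshold."""
    return [i // chunk for i in range(0, len(data), chunk)
            if shannon_entropy(data[i:i + chunk]) > high]

def classify(data: bytes) -> str:
    """'clean', 'partial' (mixed low/high chunks) or 'full' (all chunks high)."""
    total = math.ceil(len(data) / CHUNK)
    hot = len(high_entropy_chunks(data))
    if hot == 0:
        return "clean"
    return "full" if hot == total else "partial"

def pseudo_random(seed: int, n: int) -> bytes:
    """Deterministic random-looking bytes standing in for ciphertext (sample data only)."""
    out = b"".join(hashlib.sha256(f"{seed}:{j}".encode()).digest()
                   for j in range(n // 32 + 1))
    return out[:n]

def build_samples() -> tuple[bytes, bytes]:
    """Constructed inputs: a 16-chunk log file, and a copy with every 4th chunk overwritten."""
    line = b"2024-01-15 10:32:01 INFO service=billing status=ok latency_ms=42\n"
    plain = (line * (16 * CHUNK // len(line) + 1))[:16 * CHUNK]
    parts = [pseudo_random(i, CHUNK) if i % 4 == 0 else plain[i * CHUNK:(i + 1) * CHUNK]
             for i in range(16)]
    return plain, b"".join(parts)

if __name__ == "__main__":
    plain, partial = build_samples()
    for name, blob in (("original", plain), ("partial", partial)):
        print(name, f"whole-file={shannon_entropy(blob):.2f}",
              classify(blob), high_entropy_chunks(blob))
```

Legitimate formats with embedded compressed streams also produce mixed chunks, so a "partial" verdict is best treated as a signal to compare against the file's earlier baseline rather than as proof of encryption.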

4. Data theft is becoming more and more popular

Data encryption will continue to be part of the arsenal of sophisticated ransomware groups, but data theft and extortion will continue to become more common as these attacks bring much greater financial rewards. Unlike ransomware, data theft does not result in data destruction, allowing ransomware groups to pose as uninvited penetration testers. In addition, victims can maintain the appearance of data privacy, as attackers offer to handle such breaches discreetly. Cyber actors use legislation to force victims to accept higher ransom demands, and some victims prefer to pay the ransom to avoid fines or reputational damage.

5. Ransomware groups are becoming more sophisticated

The shift from generalists to security specialists is accelerated by the Ransomware-as-a-Service (RaaS) business model of these criminal groups, which actively recruit members with advanced skills and higher education. To maximize the value of ransom payments, a deep understanding of how organizations operate is critical, bringing to the fore the importance of cyber security, compliance and regulatory expertise. This opens new opportunities for non-technical professionals to join them as well. As ransomware threat groups rely more and more on specialists, their awareness and reputation will play an increasingly important role and can become a vulnerability.

6. Ransomware will prevent state-sponsored attacks

The growing sophistication of ransomware groups in 2024 will lead to widespread adoption of tools and techniques traditionally associated with government-sponsored threat actors. As companies implement effective defenses such as managed detection and response services, it will be much more difficult for state-sponsored groups to hide their activities, forcing them to rely on sophisticated, individualized cyber threats and attack vectors, including supply chain attacks.

Recommendations to users

Bitdefender researchers expect 2024 to also be a year dominated by ransomware. But the business model of ransomware threats has changed significantly since 2017, so we’re in the middle of a transition right now.

Experts recommend that users stay abreast of the latest trends in cyber security and prioritize protection strategies such as implementing multi-layered security that includes threat prevention, detection and response capabilities.
