Carmine Squillace
Nov 15, 2023
2024 Global Security Company Forecasts
The fight against ransomware attacks has intensified in the period from April 2022 to April 2023, according to the key findings of many reports.
In operational clouds, ransomware attacks have increased by about 37%, indicating a growing threat to enterprises worldwide. Worse, payloads observed in sandboxes increased by about 57%. The number of ransomware extortion attacks, as measured by the number of infected victims, increased by about 36% during the same period.
Ransomware groups target companies from different industries and countries. The United States is the most affected country, with 40.34% of all victims affected by double extortion attacks, followed by Canada (6.75%), the United Kingdom (6.44%), Germany (4.92%), and France (3.89%).
The threat landscape is constantly evolving, and the emergence of encryptionless ransomware attacks is gaining momentum. This insidious approach presents a new challenge as attackers bypass encryption to directly access and compromise critical systems and data.
The manufacturing, service, and construction industries are increasingly targeted by ransomware attacks. Because these industries are known for their critical infrastructure and valuable intellectual property, they have become prime targets for cybercriminals seeking financial gain and disruption.
Enterprises must adopt a comprehensive zero-trust security strategy to combat the rising tide of increasingly sophisticated ransomware attacks. This approach includes implementing robust measures such as Zero Trust Network Access (ZTNA) architecture, granular segmentation, browser isolation, advanced sandboxing, data loss prevention, deception technology, and Cloud Access Security Broker (CASB) solutions. By implementing these proactive protections, enterprises can strengthen their security posture and effectively protect themselves from ransomware attacks.
2023-2024 Global security company forecasts
1. Encryptionless ransomware attacks:
Traditional ransomware encrypts a victim's files and demands a ransom for their release. However, more and more cybercriminals are moving to encryptionless ransomware attacks that focus on stealing sensitive data and threatening to expose it, rather than encrypting it. This approach brings a new level of complexity and challenges for cybersecurity professionals.
2. AI-powered ransomware attacks:
Ransomware groups are expected to increasingly leverage artificial intelligence (AI) capabilities (including chatbots, AI-developed malware code, machine learning algorithms, automated processes, and more) that will enable them to develop more sophisticated and efficient techniques, making it more difficult for traditional cybersecurity measures to detect and prevent such attacks. AI will also likely lower the barrier to ransomware development for less experienced threat actors.
3. Increased targeting of cyber-insured:
Cybercriminals are increasingly targeting companies with cyber-insurance coverage - a profitable trend that is likely to intensify over the next year. Attackers know that insured victims are more willing to pay ransom because they can trust the insurance company to cover the costs. This strategy aims to maximize the chances of successful ransom payments.
4. Increased attacks on public institutions:
Another trend that has increased in 2023 and is expected to continue is ransomware attacks on cities, states, municipalities, law enforcement agencies, schools, and other educational and public institutions. These entities often have very little security in place to protect critical data and systems, making them attractive targets for cybercriminals targeting easy payouts or valuable, easy-to-sell information. These types of attacks often result in significant disruption to critical public services and the exposure of large amounts of sensitive information, including personal data, financial data, private records, and more.
5. New Ransomware-as-a-Service (RaaS) offerings:
RaaS is a business model in which cybercriminals hire partners to compromise companies and deploy their ransomware. The vast majority of ransomware groups use RaaS, and this method has proven effective over the years, increasing the number of attacks every year.
6. Initial access brokers:
There has been an increase in the number of threat groups that penetrate an enterprise and then sell access to a ransomware group (or its affiliates). In this way, threat actors with penetration testing skills can profit from their work without having the expertise required to execute a large-scale ransomware and/or encryptionless extortion attack.
7. Attacks on cloud services:
As cloud computing and storage become more prevalent, ransomware attackers are likely to develop new types of ransomware and campaigns optimized for attacking cloud services and workflows. Compromising cloud environments can lead to widespread damage, business disruption, and theft of sensitive data, and can impact multiple users or organizations simultaneously. This possibility underscores the need for robust security measures and proactive defenses in cloud-based environments.
8. Attacks on additional operating systems and platforms:
Ransomware groups will continue to expand their arsenal to attack mission-critical servers running on non-Windows-based platforms. Threat actors have increasingly developed ransomware to encrypt files on Linux and ESXi servers, which often host databases, file servers and web servers. Some threat groups have also shown interest in developing ransomware for macOS.