IT-ISAC offers 2025 predictions based on 2024 observations
According to a recent report published by the IT-ISAC, “Exploring the Depths: Analysis of the 2024 Ransomware Landscape and Insights for 2025”, the organization tracked approximately 3,500 ransomware incidents in 2024, up from 3,000 in 2023. The top three critical infrastructure sectors impacted in 2024 were critical manufacturing (733 attacks/20%), commercial facilities (614 attacks/17%), and healthcare (332/9%).
“As cybercriminals continue to evolve their methods, it is crucial for organizations to adopt a proactive, multi-layered defense strategy to keep their systems secure.
“These groups are leveraging advanced tactics and exploiting unknown vulnerabilities to maximize their impact,” said Scott Algeier, Executive Director of the IT-ISAC.
Based on current data and new threat actor TTPs observed by researchers, the IT-ISAC expects several key developments in 2025:
1. Continued Rise in Critical Sector Targeting
“As long as there is a high likelihood of the bad actors making money and a low likelihood of them getting caught, the attacks will certainly continue.”
2. Increased Use of Zero-Day Exploits
3. Continued Movement to Double Extortion and Data Theft
“Double extortion is particularly effective against industries handling sensitive data, such as Healthcare and Financial Services, where organizations face relentless pressure to maintain confidentiality and comply with HIPAA and GDPR regulations.”
4. AI-Powered Ransomware Evolution
“IT-ISAC warns of a recently identified FunkSec ransomware group that has built its ransomware using AI tools, which helps it evade security tools. The malware is capable of self-modifying its behavioral patterns and can change tactics in real-time by analyzing the target’s security posture. Despite only emerging at the end of 2024, 54 companies were attacked.”
5. Increasing Geographic Spread
“Countries with expanding digital infrastructures could face an increase in threats as they adopt new technologies.”
6. Continued Ransomware-as-a-Service (RaaS) Model Growth
“[…] particularly targeting organizations with less robust security measures, such as small and medium-sized.”
7. Enhanced Data Exfiltration Techniques
8. Supply Chain Attacks Become More Common
Jawahar Sivasankaran, President, Cyware:
“As threats evolve and attackers grow more sophisticated, timely and actionable cyber threat intelligence plays an increasingly important role in protecting organizations against leaks.
“Research shows that 72% of security professionals struggle with prioritizing vulnerabilities, delaying remediation efforts, and 17% of IT assets are invisible to vulnerability scans, leaving them exposed.
“Although competing organizations may be reluctant to work with each other, when it comes to cybersecurity, we really are stronger together. Taking part in collective defense efforts – such as by joining sector-specific Information Sharing and Analysis Centers (ISACs) and operational collaboration frameworks that leverage public-private partnerships – grants organizations greater visibility into exploitable vulns and threats the business faces, allowing for more efficient and effective threat intelligence management and proactive response.”
CIOs and others should read this report, as it will help them focus on what they need to do to secure their environments. They should also consider playing nice with others, so to speak, as that will help us all be safer.
This entry was posted on February 14, 2025 at 1:29 pm and is filed under Commentary with tags IT-ISAC. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.