OpenText has unveiled its “Nastiest Malware of 2024” report, a yearly list that ranks the most insidious cyber threats worldwide. Now in its seventh year, this much-anticipated report illuminates the expanding cyber threat landscape.
For 2024, OpenText’s cybersecurity team has highlighted ransomware as the dominant force, especially targeting critical infrastructure and essential industries.
As technology continues to advance, so do these malicious actors. The current landscape reflects an ecosystem of cyber threats that adapt and evolve with disturbing speed. This year’s findings send a clear warning: the frequency and sophistication of ransomware attacks will only rise.
According to OpenText, organizations plan to increase their cybersecurity budgets by 14.3% this year, pushing global spending over $215 billion.
As cybercriminals become bolder, organizations worldwide are realizing the cost of unpreparedness.
This year’s number one cyber threat is LockBit, an infamous ransomware-as-a-service (RaaS) group. It retains its top position for another year due to its relentless attacks and immunity to law enforcement crackdowns.
LockBit’s ambition extends beyond damaging systems—it aims to compromise one million businesses before winding down its operations.
LockBit’s resilience has earned it a disturbing reputation. In 2023 alone, the FBI attributed 175 critical infrastructure attacks to LockBit. This persistence underlines the challenges law enforcement faces against highly organized ransomware groups.
Muhi Majzoub, Chief Product Officer, noted that cybercriminals now use AI to create more targeted, sophisticated threats, endangering public safety and national security.
Majzoub emphasized the dangers of these ransomware attacks. “Ransomware attacks on critical infrastructure are rising,” he said.
However, he sees a silver lining. Increased attention on ransomware means organizations are becoming more proactive. The rise in cybersecurity investments shows businesses and governments recognize the need to protect essential services.
While LockBit dominates the threat landscape, other groups are also emerging. New players in the cybercrime world bring fresh approaches to their operations. Among these, Akira has quickly made a name for itself as a new ransomware-as-a-service player.
Akira stands out on the dark web with its bold, 80s-themed branding. However, it’s not just a flashy newcomer. Akira uses ruthless encryption tactics and operates with rapid deployment, making it especially dangerous to the healthcare, manufacturing, and finance sectors.
Akira’s activity has quickly earned affiliates’ trust, especially those focused on high-value targets. This rapid ascent shows how easy it is for new groups to establish themselves by targeting critical industries. In the hands of such a group, ransomware isn’t just a threat—it’s a business model with specific, industry-aligned goals.
Another notable entry is RansomHub. Experts suspect it may have ties to the infamous Black Cat group, also known as ALPHV. RansomHub has already gained notoriety by targeting significant organizations, such as Planned Parenthood.
Its attack on Planned Parenthood was particularly concerning. RansomHub stole sensitive patient data and threatened public exposure, pushing ethical boundaries. This kind of threat reflects an alarming trend toward targeting businesses and individuals.
Meanwhile, Dark Angels takes a more targeted, high-stakes approach. It aims for Fortune 50 companies and other large organizations. This group has secured ransom payments as high as $75 million, underscoring its success and sophistication.
Unlike others, Dark Angels focuses on infiltrating top-tier targets. It uses advanced tactics to bypass traditional security measures, earning its spot among 2024’s most dangerous cyber threats.
Not all significant threats this year are ransomware. Some groups specialize in different forms of cybercrime, creating headaches for businesses across sectors. Redline Stealer exemplifies this shift with its focus on credential theft.
Redline isn’t ransomware, but it’s no less dangerous. This malware steals login credentials and sensitive information with precision. It often goes undetected, allowing cybercriminals to access and exfiltrate valuable data.
The stolen credentials become tools for secondary attacks or are sold on the dark web. This type of malware can fly under the radar, making it challenging to detect and combat.
Redline Stealer’s ability to evade detection highlights the diversity of threats that cybersecurity teams must confront.
Another rising threat, Play Ransomware, has made its mark with versatility. This group targets the public and private sectors, making it unpredictable and adaptable. Play ransomware exploits vulnerabilities in FortiOS and Remote Desktop Protocol (RDP) servers to breach systems.
This group’s adaptability has kept its targets on high alert. Play ransomware’s evolving tactics exemplify the need for constant vigilance and updated defenses. For organizations, defending against such a versatile threat requires continuous monitoring and robust patch management.
One of the most unsettling trends of 2024 is cybercriminals’ use of artificial intelligence (AI). AI allows them to create highly personalized, adaptive attacks that evade traditional security measures.
Polymorphic malware, powered by AI, has become increasingly common. This type of malware can constantly change its code, making it difficult to detect. For cybersecurity teams, defending against AI-driven attacks requires dynamic and adaptive strategies.
AI-driven threats demand more than traditional defense mechanisms. These evolving threats create a daunting challenge for organizations trying to keep their systems secure.
As cyber criminals embrace AI, businesses must adopt equally advanced measures.
In response to these rising threats, businesses are expected to increase cybersecurity spending in 2024. The projected increase of 14.3% highlights the urgency felt across industries. This year’s cybersecurity investments will exceed $215 billion as organizations work to safeguard their networks.
Cybersecurity professionals emphasize the need for a proactive approach. Defending against threats isn’t just about response; it also requires continuous threat monitoring and prevention.
Organizations must also invest in training and adopt a zero-trust framework that limits internal access.
Cybercriminals are becoming more inventive, bypassing even the most advanced defenses. OpenText’s “Nastiest Malware of 2024” report underscores the need for more robust, proactive defenses. Organizations that fail to invest in these measures risk severe losses and reputational damage.
This year’s list includes the following major malware threats:
- LockBit: Leading the pack, LockBit aims to target one million businesses, remaining immune to FBI crackdowns.
- Akira: Akira, a new RaaS player, is causing havoc in healthcare, finance, and manufacturing with aggressive encryption tactics.
- RansomHub: Possibly connected to Black Cat, RansomHub gained attention by attacking Planned Parenthood and ransoming sensitive patient data.
- Dark Angels: Known for high-stakes attacks, Dark Angels has secured ransoms of up to $75 million from Fortune 50 targets.
- Redline Stealer: An information-stealing malware, Redline specializes in credential theft, causing problems across various sectors.
- Play ransomware: This adaptable group targets the public and private sectors by exploiting vulnerabilities in FortiOS and RDP servers.
These threats represent a wide range of tactics and targets. For many, the key is adaptability—whether through AI, specialized ransomware models, or unique infiltration methods.
As OpenText’s report shows, cybercriminals continue to innovate in both tools and tactics. This year’s rise in ransomware, information-stealers, and AI-driven threats reveals the dark potential of advanced technology.
While businesses and governments face mounting challenges, the report underscores the need for collective, ongoing efforts to combat these threats.
Technology’s rapid advancement brings new risks, and with ransomware the stakes have never been higher. But as organizations increase their cybersecurity investments, there is hope.
By staying vigilant and proactive, businesses can face the future with more robust defenses, with OpenText’s annual list serving as a reminder of both the risks and the resolve needed to combat them.