
A recent report from cybersecurity firm Dragos shows that, in the last quarter of 2024, the manufacturing sector suffered the most ransomware attacks.
Regional analysis shows that North America experienced the most attacks, with 334 recorded incidents. Europe follows with 146 attacks, then Asia with 69.
The African continent suffered the fewest attacks, with 7, representing under 2% of global incidents. South Africa and Tunisia accounted for the most reported attacks.
Notable ransomware attacks in Africa during the last quarter of 2024 include:
- Sumitomo Rubber South Africa, a key contributor to the South African automotive sector, suffered a ransomware attack in November, which resulted in an unauthorized exfiltration of sensitive data.
- Namibia’s state-owned telecom company suffered a ransomware attack in December, leading to the leak of sensitive customer data, including information about high-ranking government officials.
The analysis by Dragos revealed more than 600 ransomware incidents affecting industrial sectors globally in the fourth quarter of 2024, marking an increase from the numbers recorded in Q3.
The manufacturing sector was targeted the most, with 424 incidents representing 70% of ransomware activities within industrial sectors.
Transportation and Industrial Control Systems (ICS) recorded 69 and 58 incidents, respectively, together representing about 21% of total global activity.
Other sectors, such as government, water, mining, renewables, and data centers, experienced fewer attacks, with counts between two and five.
Attacks mostly exploited IT vulnerabilities such as unpatched VPN devices, outdated firewall firmware, and insufficient backup protocols.
Notable ransomware groups include:
- LockBit 3.0: The ransomware group accounted for 70 incidents, representing 12% of attacks.
- Play: Responsible for 63 incidents representing 10%.
- Ransomhub: Reported 56 incidents, a 9% share of total attacks.
- Akira: Accounted for 43 incidents, representing a share of 7%.
- Other groups include Hunters International, BlackBasta, MeowLeaks, MedusaLocker & Cactus, and BlackSuit, to name a few.
Organizations should implement multi-factor authentication (MFA), monitor critical ports, maintain offline backups, and strengthen remote access protocols to minimize their attack surface.