Webinar Recap: Using OSINT for Ransomware and Data Breach Analysis

Threat actors continuously adapt their methods to target various industries and organizations to compromise sensitive data. Therefore, understanding their tactics and techniques is crucial for organizations looking to stay ahead.

Last week, Flashpoint’s Matthew Wheeler, a breach intelligence analyst with extensive experience in law enforcement, provided valuable insights into leveraging open-source intelligence (OSINT) to dissect trends, patterns, and tradecraft employed by malicious actors.

Here’s what you need to know.

5 key takeaways

1. Ransomware statistics: In the first quarter of 2024, there were a total of 1,656 data breaches. Ransomware was responsible for 667 incidents, while unauthorized access accounted for 530.
2. Ransomware surge: Compared to 2023 Q1, ransomware increased by 100%, with business and manufacturing sectors primarily being targeted.
3. Leading RaaS group: LockBit was the leading ransomware collective, responsible for almost a quarter of all ransomware attacks.
4. Data targeted: Names, financial information, and miscellaneous data—which can provide valuable context about victims—were heavily targeted in reported ransomware incidents.
5. Industry Focus: Malicious actors are likely incentivized to target the manufacturing industry, as steep operational downtime costs increase the likelihood that victims will pay the ransom. It is estimated that operational downtime can cost organizations up to USD $260,000 an hour on average.

Check out our latest webinar to learn how often other industries were affected, as well as which types of data were targeted.

“Comparing past and present ransomware trends provides a clearer picture of the threat landscape, helping organizations to strengthen their defenses against emerging risks.”

Matthew Wheeler, Flashpoint

Leveraging OSINT for analysis and better security

Using open-source intelligence analysis makes it possible to learn about current ransomware trends and threat actor tactics. Our intelligence team is constantly decoding trends and compromised data to provide our customers with actionable insights to enhance defenses and mitigate future risks.

Here are several ways that security teams can help prevent data breaches and bolster their defenses against potential ransomware attacks:

1. Use Multi-Factor Authentication (MFA): Implement MFA across all critical systems to add an extra layer of security.
2. Identify and resist social engineering attempts: Educate employees about phishing, smishing, and vishing to prevent unauthorized access. Leverage a comprehensive source of threat intelligence to learn about the latest phishing techniques and various kill chains.
3. Manage vulnerabilities: Ensure all systems and software are updated regularly. By relying on a quality source of vulnerability intelligence such as VulnDB, organizations can become aware of critical vulnerabilities two weeks faster than the National Vulnerability Database (NVD) on average—including zero-day vulnerabilities.

Learn and defend against threats using Flashpoint

Staying ahead of today’s threats requires access to comprehensive, timely, and actionable intelligence. Ransomware and data breaches are not going anywhere and as incidents continue to rise, the cycle of cyber threats will perpetuate.

Flashpoint is dedicated to continually empower organizations with the intelligence they need to navigate the complexities of the threat landscape. Watch the on-demand webinar to gain a deeper understanding of how OSINT can bolster your cybersecurity efforts.