A report published today by Critical Start, a provider of managed cybersecurity services, finds cyberattacks in the first half of 2024 continued to focus on vertical industries that are rich in critical data that can either be encrypted or stolen.

For example, the manufacturing and industrial products sector remains the top targeted industry sector, with 377 confirmed reports of ransomware attacks and database leaks.

However, the health care and life sciences sector saw a 180% surge on ransomware and database leak incidents.

In terms of the tactics and techniques being employed by cybercriminals, the report noted there has been an exponential 3,000% increase in deepfake fraud attempts. At the same time, business email compromise (BEC) compromises are now targeting smaller businesses, according to the report.

Finally, cybercriminals are also increasingly using open source software code repositories to launch two main types of attacks: Repository confusion attacks and supply chain attacks through which they hope to inject malware into downstream applications.

Sarah Jones, chief threat analyst for Critical Start, said even as law enforcement agencies become more adept at disrupting the operations of cybercriminal syndicates such as Lockbit and BlackCat, others malicious actors are filling the void. In addition, cybercriminal syndicates such as Lockbit are proving to be resilient enough to resume attacks within months of being taken down by law enforcement agencies, she noted.

It’s not clear to what degree the cybersecurity war is being won from one year to the next. As tactics and techniques shift, the organizations, with the notable exception of manufacturing and industrial products sector, that are proving vulnerable to attacks tend to shift.

The only way to effectively combat these threats is for organizations to adopt a more holistic approach to cybersecurity that combines their internal expertise with skills and resources of an external services provider, said Jones.

That approach is especially critical in a manufacturing sector where platforms are managed by operations technology (OT) teams that often have limited cybersecurity expertise. The challenge, of course, is most internal cybersecurity teams are overwhelmed trying to ensure the IT systems that the rest of the business depends on remain secure.

Theoretically, the rise of artificial intelligence (AI) should help level the playing field between individual organizations and cybercriminal syndicates that have extensive resources. The challenge is that operationalizing AI for cybersecurity use cases takes time and effort, and in the short term at least, cybercriminal syndicates might be quicker off the mark to use AI to, for example, create deep fakes. AI will also make it possible for cybercriminal syndicates to increase both the volume and sophistication of the cyberattacks being launched.

The one thing that is certain is that as cybercriminal syndicates continue to shift tactics and techniques, cybersecurity teams will need to implement countermeasures. There is a tendency to mitigate one class of threat without considering the fact that adversaries, when thwarted, will try to shift tactics. Ideally, organizations should be tracking how those attack patterns are shifting, versus learning how to thwart them after they’ve been victimized.