As we move through 2024, the landscape of cybersecurity has become increasingly challenging. Cybercriminal networks are more resilient than ever, and attack surfaces are growing more complex. Scotland’s public sector has been directly impacted by these evolving threats, facing sophisticated cyber-attacks that are becoming harder to defend against.
By mid-2024, global ransomware payments had reached a staggering £363.2 million, with Scottish organisations feeling the pressure of these ongoing cyber threats. According to Recorded Future’s Insikt Group, there are four key themes emerging in their 2024 research that are shaping the cybersecurity landscape.
Theme #1: Extortion Groups Proliferate Despite Law Enforcement Action
Despite significant global law enforcement action targeting notorious ransomware groups such as LockBit and ALPHV, cybercriminals continue to adapt and persist. These groups have reorganised, used leaked malware builders, and shifted to smaller, more independent groups. This increased variation makes it even harder to combat cybercrime.
A stark example of this is the February 2024 cyber-attack on healthcare services in Scotland by the Russian criminal group, INC Ransom. While no patient services were impacted, the attack led to the exposure of sensitive data on the dark web. Ransomware operators throughout 2024 targeted essential infrastructure such as healthcare in order to maximize pressure on victims to pay out.
Theme #2: Growing Use of SaaS Increases Vulnerability to Identity Exploits
The use of Software-as-a-Service (SaaS) applications has skyrocketed, with organisations now using an average of 371 SaaS applications, a huge increase from just a few years ago. Each of these applications typically requires its own access credentials, providing cybercriminals with multiple opportunities to exploit stolen or exposed credentials.
This rise in SaaS adoption has been linked to high-profile breaches, including those at Snowflake and Change Healthcare, where attackers bypassed single sign-on (SSO) protections using stolen credentials obtained via infostealer malware.
Theme #3: The Escalation of State-Sponsored Cyber Operations
Throughout 2024, state-sponsored cyber threat actors from China, Russia, and Iran have increased their activities globally, especially through influence campaigns during key elections. With over 2 billion voters worldwide headed to the polls in 2024, including the US, the UK, India, Indonesia, France, and the EU, these elections provided ample opportunity to influence public opinion.
The Russia-aligned influence operation “Operation Overload” conducted a malign influence campaign designed to sow doubt, confusion, and discord during the 2024 US presidential election cycle, the July 2924 French elections, and the 2024 Paris Olympic Games.
Theme #4: Advanced Tactics Focus on Defence Evasion
Cybercriminals are increasingly using advanced tactics designed to evade detection. One of the key trends in 2024 is the rise of malware targeting macOS and Linux systems, which reflects the growing use of these platforms in business environments. Tools such as RustDoor and AMOS are taking advantage of cross-platform functionality to deliver sophisticated payloads. Ransomware groups have also begun to target critical hypervisors like VMware ESXi, intensifying the risks to vital infrastructure.
The Path Forward for Scotland’s Public Sector
The growing convergence of global cyber threats with local incidents highlights the urgency of maintaining a proactive cybersecurity strategy in Scotland’s public sector. While Scottish organisations have made significant strides in strengthening their security measures, the evolving and unpredictable nature of cyber threats means that vigilance and adaptability are crucial.
As the cybersecurity landscape continues to evolve, success will depend on how well Scotland can balance global threat intelligence with a localised response. Protecting critical services and sensitive data against both current and emerging cyber threats will require ongoing investment, collaboration, and a commitment to staying ahead of the ever-changing digital risks.
[Partner Content]