An in-depth look at major cybersecurity threats including North Korean supply chain compromises, a critical Chrome zero-day exploit, and Qilin ransomware
This week’s Risk Radar examines the cybersecurity implications of escalating geopolitical tensions, emerging ransomware trends, and newly disclosed vulnerabilities affecting widely deployed network infrastructure.
The common thread is operational exposure through external dependencies. Geopolitical instability, evolving ransomware economics, and weaknesses in critical networking platforms all create risk pathways that organisations may not directly control but must still manage.
When threats emerge across these layers, situational awareness and response speed remain critical.
Escalating geopolitical tensions in the Middle East have coincided with a significant increase in hacktivist activity. More than 149 attacks have been reported this week, targeting over 110 organisations across multiple sectors.
Energy providers, aviation organisations, and government agencies appear to be the primary targets, reflecting the strategic and symbolic value of these sectors during periods of geopolitical conflict.
Hacktivist campaigns often focus on disruption, data exposure, or reputational damage rather than direct financial gain. However, their impact can still be operationally significant, particularly when attacks affect critical infrastructure or trusted supply chains.
What this means in practice:
CISOs should evaluate potential exposure through third-party relationships. Organisations relying on suppliers, vendors, or service providers operating in the affected regions may face indirect risk if those partners become targets.
Supply chain visibility is essential. Vendor risk assessments should consider geographic exposure alongside traditional cybersecurity maturity indicators. Incident response plans should also account for scenarios where compromise originates through partner environments rather than internal systems.
A recent report from blockchain analytics firm Chainalysis highlights a notable shift in ransomware activity. According to the report, ransomware attacks increased by approximately 50% over the past year.
Despite the rise in attack volume, only around 28% of victims paid the ransom, roughly consistent with payment rates observed the previous year.
This suggests that regulatory pressure, improved incident response capabilities, and greater organisational resilience may be reducing the financial effectiveness of ransomware operations.
However, the report also notes that the average ransom payment has increased to roughly $60,000 per incident, indicating that attackers may be focusing more heavily on victims they believe have a higher probability of paying.
While payment rates remain relatively low, the continued growth in attack volume means overall organisational exposure remains high.
CISOs should ensure that ransomware preparedness remains a priority. Backup integrity, recovery testing, and incident response planning remain fundamental controls. The increase in average payment size also reinforces the importance of maintaining strong resilience capabilities to avoid situations where paying a ransom becomes a perceived operational necessity.
Two additional vulnerabilities have been identified in Cisco’s SD-WAN platform, following the disclosure last week of a critical vulnerability with a CVSS score of 10 that allowed unauthenticated administrative access.
The newly disclosed vulnerabilities carry CVSS scores of 7.1 and 5.5 respectively. While less severe than the previously reported issue, they still highlight the importance of patching and access control for widely deployed network infrastructure.
SD-WAN platforms often sit at critical junctions within enterprise networks, managing connectivity between sites, cloud environments, and core infrastructure.
Organisations using Cisco SD-WAN should verify that all relevant patches have been applied and confirm that administrative access is not exposed to the public internet.
Network infrastructure frequently holds elevated privileges across environments. Any vulnerability affecting these platforms can significantly expand the potential blast radius of an attack if not addressed promptly.
This week’s developments highlight three different but connected sources of risk: geopolitical instability driving hacktivist activity, evolving ransomware economics, and vulnerabilities affecting core network infrastructure.
Each reflects the reality that modern cyber risk is rarely confined to a single layer. External events, criminal activity, and technology weaknesses can converge quickly.
Operational discipline remains the priority. Monitor geopolitical developments that may influence cyber activity, maintain resilience against ransomware threats, and ensure that critical infrastructure platforms are patched and securely configured.
Execution speed and verification continue to be the difference between manageable risk and operational disruption.