Leading companies prepare for ransomware troubles after year-end storm

As the year ends with ransomware attacks and 2023 begins with a major data breach against T-Mobile, executives brace for the storm to come.

It was a mixed year for cybersecurity in 2022, ending with some worrying trends, with the World Economic Forum acknowledging that 2023 could see major new attacks.

While the ransomware curve appeared to be going down last year, NCC Group reported that December saw a rapid increase in ransomware attacks, particularly from threat group BlackCat. The group increased its attacks by 100% from 15 attacks in November to 30 in December, the highest number of attacks the criminal group has undertaken in a single month.

Earlier this month, security group Cloudflare reported a 79% increase in DDoS attacks in the fourth quarter of 2022, with over 16% of respondents to their survey reporting having received a threat or ransom demand related to DDoS attacks.

Business and cyber executives stack sandbags against cyber attack

A just-released WEF report, Global Cybersecurity Outlook 2023, found that business leaders are “much more aware” of the cyber threat than they were a year ago. About 93% of cybersecurity respondents predicted a widespread and catastrophic cyber event within 24 months.

The report said the following:

  • Nearly 75% of cybersecurity and business leaders plan to strengthen policies and practices to outsource data access to directly connected third parties.
  • About 29% of business leaders versus 17% of cyber leaders agree that industry-wide enforcement of regulations would increase cyber resilience.
  • Three-quarters of business leaders said global geopolitical instability has impacted their cybersecurity strategy.
  • Respondents believe that artificial intelligence and machine learning (20%), greater adoption of cloud technology (19%), and advances in user identity and access management (15%) will have the greatest impact on their cyber risk strategies over the next two years.

Breaking down silos is key to a successful security strategy

Respondents to the WEF survey who reported successful changes in their cybersecurity strategy identified organizational structures that supported interactions between cyber executives, cross-functional business leaders and board members to collaborate on digital resilience across all business activities.

During an interview in Davos, Sadie Creese, Professor of Cybersecurity at the University of Oxford, praised cyber resilience.

“There is no such thing as 100 percent security,” she says. “It’s about resilience in the face of uncertainty.”

In the survey, 95% of business leaders and 93% of cyber executives—the latter number up from 75% in 2022—agreed that cyber resilience is built into their organization’s enterprise-wide risk management strategies.

In Q4 2022, activity from new threat actors increased

In its review of the year-end cyber events, NCC Group noted:

  • There were 269 ransomware attacks in December, a 2% increase compared to November (265 attacks) and bucking the trend of the previous year, which saw a decrease during the holiday season.
  • December saw the highest number of ransomware victims since the peaks in March and April last year.
  • LockBit 3.0 regained its leading position, accounting for 19% of attacks, followed by BianLian (12%) and BlackCat (11%).
  • BianLian saw a 113% increase in ransomware activity in December compared to November.
  • Play, discovered in July 2022 and targeting government sectors in Latin America, had four victims (15% of attacks).

NCC Group expects LockBit 3.0 to stay on top for the foreseeable future after the group dropped to third place in November. The most targeted sectors are broadly similar to those of previous months with minor deviations – Industrials (30%), Consumer Discretionary (14%) and Technology (11%).

Meanwhile, with victims in education, technology, and real estate, BianLian has moved to posting victims’ names progressively, using asterisks or question marks to censor them. NCC Group said this tightening-the-screws tactic aims to pressure organizations into paying. It said it had noticed two other hacker groups using this approach.

  • North America was the target of 120 ransomware attacks (45%), making it the most affected region, followed by Europe with 72 attacks (27%) and Asia with 33 attacks (12%).
  • Consumer discretionary (44%) and industrials (25%) remain the two sectors most commonly targeted by ransomware attacks. In the technology sector (11%), there were 34 ransomware incidents, a 21% increase from the 28 attacks reported in November.

NCC Group reports a family resemblance between Play, Hive and Nokoyawa ransomware variants: file names and file paths of their respective tools and payloads are similar.

“Although the volume of ransomware attacks was reasonably stable in December, this was a departure from what we typically observe,” said Matt Hull, global head of threat intelligence at NCC Group. “Over the seasonal period, we expect a decrease in attack volume, as evidenced by the 37% drop at the same time last year.”

New malware hits the beachhead

A research team from cybersecurity company Uptycs reported that they discovered a malware campaign called Titan Stealer, which is being marketed and sold through a Telegram channel. The group said the malware can exfiltrate login credentials from browsers and crypto wallets, FTP client details, screenshots, system information and captured files.

The malware builder tool has a UX that allows attackers to specify the information to steal and the file types to extract from the victim’s computer.

With ransomware and DDoS variants, worms, viruses, and other exploits generally becoming more prevalent, much of it automated and programmatic, organizations should conduct security risk assessments at least annually. Consider using a checklist, such as the xlsx file from TechRepublic Premium.
