Ransomware Attacks Surge: Organizations Face Increasing Threat in 2023
Ransomware attacks are on the rise, presenting a growing threat to organizations in 2023. Attackers are rapidly escalating their tactics, causing widespread damage before defenders can even detect an infection.
According to a recent report from NCC Group, a security consultancy, the number of compromises posted to leak sites in July increased by over 150% compared to the same period last year. This trend is consistent with the overall growth in breaches publicized on these sites, a common tactic employed by double-extortion ransomware groups. So far, there has been a 79% increase in breaches reported in 2023 compared to the same timeframe in 2022.
Several factors have contributed to this surge in attacks. Notably, there have been recent vulnerabilities found in managed-file transfer services, such as MOVEit, that have been easy for attackers to exploit. In addition, the availability of initial access services has increased, providing more opportunities for attackers. Matt Hull, the global head of threat intelligence at NCC Group, explains that criminal groups are driven by opportunities to make money and will capitalize on any vulnerabilities they find.
The speed at which ransomware criminals compromise companies has also increased. According to Sophos, a cybersecurity company, the average dwell time in ransomware incidents has decreased from nine days in 2022 to five days in 2023. Attackers are becoming more efficient in their process of stealing and encrypting data, refining their techniques to complete attacks within a shorter timeframe.
While some attack groups, like Cl0p, have shifted to a theft-and-extortion scheme rather than encrypting data, most groups still rely on double extortion. This strategy involves stealing and encrypting data to coerce companies into paying the ransom.
NCC Group’s Cyber Threat Intelligence Report indicates that the industrial sector remains the primary target for ransomware attacks, followed by consumer cyclicals and technology industries. Industries with less regulation and lower cybersecurity budgets have become attractive targets for attackers.
Attackers are also skilled at lateral movement within a compromised network. They exploit vulnerabilities in Active Directory servers, gaining access to valuable resources. Sophos’ incident summary report reveals that the median time to compromise an Active Directory server is approximately 16 hours.
Most attacks occur midweek but outside of business hours, leveraging time differences to the attackers’ advantage. They take advantage of periods when security teams may be less active and less likely to detect and respond to an attack promptly.
The Cl0p group has contributed significantly to the overall growth in ransomware attacks. Exploiting vulnerabilities in managed file transfer platforms like MOVEit and GoAnywhere MFT, the group has successfully compromised numerous systems. However, instead of encrypting data, the Cl0p group focuses on stealing data for extortion purposes.
In conclusion, ransomware attacks continue to pose a significant threat to organizations. The surge in attacks can be attributed to various factors, including vulnerabilities in managed-file transfer services and increased availability of initial access points for attackers. It is crucial for businesses to prioritize robust cybersecurity measures to protect against these evolving threats.
