A new report from Rapid7 has found that the number of ransomware attacks increased by 69% in the first half of 2023. Rapid7 incident response data found that at least 1500 organizations were attacked by ransomware during this period.
The report analyzed data from public disclosures and “leak site communications”: email, chat and social media channels used by threat actors to market stolen data, coordinate attacks with each other and communicate with victims.
The increase in ransomware attacks is attributed to several factors, including the growing sophistication of ransomware gangs, the increasing availability of ransomware tools and kits, and the willingness of some organizations to pay ransoms despite the FBI's recommendation not to.
Common initial access vectors used by ransomware gangs included remote access (39%), followed by vulnerability exploitation (27%), phishing payloads (13%), supply chain compromise (6%), and insider threat incidents (4%).
Organizations need to be aware of these common initial access vectors and take steps to mitigate them. This includes implementing strong security controls such as multi-factor authentication and educating employees about phishing and social engineering attacks.
The report tracked 79 known state-sponsored attacks in H1 2023. The most common techniques used by these groups were spear phishing and the abuse of valid accounts.
State-sponsored actors have targeted critical infrastructure (CI), industries essential to our way of life. A cyberattack on any of them (energy, water, chemical, sewage, transportation, healthcare, financial services, government facilities, food and agriculture, nuclear) could have devastating consequences for our economy, our security, and our health.
2021 was a watershed year for CI-related attacks, alerting the federal government to the urgency of shoring up cybersecurity efforts.
- On February 5, 2021, a water treatment plant in Florida was attacked by the Wizard Spider ransomware group, which briefly released excess chlorine into the water supply.
- On May 30, 2021, JBS Foods, the largest meat processing company in the world, paid $11 million in ransom to REvil after the ransomware group shut down plants in the US, Canada, and Australia. The FBI was able to claw back a paltry $2.3 million of the ransom.
Organizations need to be aware of the growing threat of these attacks and protect themselves by implementing strong security controls, educating employees about social engineering, and having an incident plan in place. Additionally, organizations should:
- Educate employees about the consequences of cyber threats. Employees should be taught how to identify and report phishing emails and social media fraud.
- Enable phishing-resistant multi-factor authentication and use password managers to generate strong passwords and change them regularly.
- Segment the network so that if one part is compromised, the rest of the network is not affected.
- Keep software up to date with the latest security patches and have a backup plan in place to help recover data if it is encrypted by ransomware.
New-school security awareness training can enable employees to follow security best practices and avoid falling for phishing and social engineering traps.
Infosecurity Magazine has the full story.