Is the Business World Ready for the Cyber Threats of 2024?

    Ransomware attacks have become increasingly sophisticated in the past year, necessitating more robust defence strategies and intelligence. This trend is highlighted in the Q3 Ransomware Report released by Cyble, a renowned cyber threat intelligence company. The report provides a comprehensive recap of major targets by sector, nation, and region, and predicts upcoming ransomware evolution trends.

    One significant finding is the increased use of vulnerabilities as a vector to deliver ransomware, particularly in networking devices. This marks a shift from the previous focus on weaponizing Managed File Transfer (MFT) software and applications. Cyble has observed instances where high-impact vulnerabilities, such as the MOVEit vulnerability and the Barracuda Networks supply chain attack, led to the compromise of industry leaders. It is expected that ransomware operators will continue to rely on vulnerabilities and zero-day exploits to deliver ransomware payloads in the future. To minimize the risk of zero-day exploits, organizations should ensure their software and products are up to date and implement cyber-awareness strategies.

    Cyble Research & Intelligence Labs (CRIL) also uncovered other trends in the ransomware space. The healthcare sector has become a prime target for ransomware attacks, accounting for nearly a quarter of all attacks. These attacks aim to steal and sell protected health information (PHI) and other sensitive data on the dark web. The healthcare sector’s large attack surface, including websites, IoT medical devices, and supply chain partners, makes it particularly vulnerable. Therefore, a standardized cybersecurity plan is crucial to protect critical data and maintain healthcare functions.

    High-income organizations dealing with sensitive data remain the primary focus for ransomware operators. These organizations are more likely to pay the demanded ransoms due to their financial capabilities and reputation concerns. The professional services, IT & ITES, and construction sectors were also targeted in the previous quarter due to their high net worth and expanded attack surfaces.

    The United States remains the nation most targeted by ransomware operators, facing more attacks in Q3-2023 than the next 10 countries combined. This can be attributed to the US’s digital prominence and global engagement. Geopolitical factors also make the United States a target for hacktivist groups leveraging ransomware. The United Kingdom, Italy, and Germany were also significant targets in terms of the volume of attacks.

    While LOCKBIT remained a potent threat with the highest number of victims, newer ransomware groups such as Cactus, INC Ransom, Metaencryptor, ThreeAM, Knight Ransomware, Cyclop Group, and MedusaLocker emerged in Q3-2023. These groups pose significant threats despite lacking the profile and global presence of major players like LOCKBIT.

    Ransomware groups are increasingly adopting programming languages like Rust and GoLang to make their activities harder to detect and analyze. These languages provide customization capabilities for targeting multiple operating systems, expanding ransomware’s lethality and target base. This trend poses challenges for victims, cybersecurity experts, and governments when analyzing and studying ransomware to implement corrective actions.

    Organizations have responded to these developments by implementing measures to prevent and mitigate ransomware attacks. Employee training has been emphasized to enhance cybersecurity awareness and help staff identify phishing attempts and social engineering. Incident response planning has been improved to manage and quarantine affected systems, notify authorities, and take internal security steps. Enhanced recovery and backups have been implemented to protect sensitive data from encryption. Zero-trust architecture and multi-factor authentication have been introduced to combat human-based vulnerabilities in initial access and phishing attacks. Furthermore, intelligence sharing and collaboration with law enforcement have been promoted through the establishment of Information Sharing and Analysis Centers (ISACs).

    Overall, the Q3 Ransomware Report highlights the evolving nature of ransomware attacks and the need for proactive cybersecurity measures to protect organizations and critical data.
