CS Jul-Aug 2023
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
ansomware attacks<br />
Chester Wisniewski, Sophos: most victims<br />
will not be able to recover all their files by<br />
simply buying the encryption keys.<br />
Steve O'Malley, Callsign: Organisations need<br />
a comprehensive approach, including using<br />
anti-fraud technologies that address all kinds<br />
of fraud.<br />
continue to hit record levels, with 434 attacks<br />
in June <strong>2023</strong>, a 221% increase on the same<br />
period last year (135 attacks - June 2022).<br />
June's high levels of activity has been mostly<br />
driven by Russian-speaking threat actor<br />
Clop's exploitation of the MOVEit file transfer<br />
software vulnerability, consistently high levels<br />
of activity by groups such as Lockbit 3.0 and<br />
the emergence of several new groups since<br />
May, says NCC. Clop was responsible for 90<br />
of the 434 attacks (21%) in June.<br />
LOCKED IN<br />
Lockbit 3.0, the most active threat actor of<br />
<strong>2023</strong> so far, was responsible for 62 of the<br />
attacks, a fall of 21% from 78 attacks in May.<br />
8base, a new threat actor discovered in May,<br />
stepped up activity with 40 attacks (9%) in<br />
June - making it the third most active threat<br />
group that month. Other notable activity<br />
included 17 attacks from Rhysida and nine<br />
attacks from Darktrace, two ransomware-asa-service<br />
(RaaS) groups that were first<br />
observed in May <strong>2023</strong>.<br />
"The considerable spike in ransomware<br />
activity so far this year is a clear indicator of<br />
the evolving nature of the threat landscape,"<br />
states Matt Hull, global head of threat intelligence<br />
at NCC Group. "The better-known<br />
players, such as Lockbit 3.0, are showing no<br />
signs of letting up, newer groups like 8base<br />
and Rhysida are demonstrating what they're<br />
capable of and Clop have exploited a major<br />
vulnerability for the second time in just three<br />
months.<br />
"It's imperative that organisations should<br />
remain vigilant and adapt their security<br />
measures to stay one step ahead,” he adds.<br />
“We strongly advise any organisation using<br />
MOVEit file transfer software to apply the<br />
recent patch, given this vulnerability is being<br />
actively exploited."<br />
SCAMS: KNOCK-ON IMPACT<br />
Meanwhile, Callsign has issued the results of<br />
its annual scams research, revealing what it<br />
describes as "the true extent of the damage<br />
that scams have to business reputation".<br />
Data from 8,000 consumers polled in nine<br />
countries - 1,000 in the UK - about their<br />
experiences of scams has identified a 40%<br />
increase in UK consumers who have received<br />
a scam message, compared to 2021. 23% of<br />
those who have received a scam message<br />
said this was enough for them to stop using<br />
the company or service associated with the<br />
message.<br />
The research found that over a third (38%)<br />
of UK respondents have lost money to scams<br />
and 35% hadn't received any form of reimbursement<br />
from their bank after becoming<br />
a victim of fraudulent activity.<br />
The types of 'scams' consumers said they<br />
can protect themselves from included all<br />
types of fraud such as phishing for PII data,<br />
romance scams, investment fraud, bots or<br />
malware for account take over purposes,<br />
and other undisclosed vectors.<br />
WHAT DENOTES A ‘SCAM’<br />
However, while the definition of what<br />
constitutes a scam varies across regions and<br />
financial institutions (FIs), only authorised<br />
fraud, such as authorised push payments<br />
(APP), are generally considered by a FI to be<br />
a scam. There appears to be a language gap<br />
between FIs and consumers when it comes<br />
to scams. It is possible the risk to corporate<br />
reputation is being underestimated by FIs,<br />
because banks' reputations are being<br />
impacted by fraud more broadly than just<br />
scams.<br />
"Organisations need a comprehensive<br />
approach, including using anti-fraud<br />
technologies that address all kinds of fraud,"<br />
says Steve O'Malley, chief revenue officer,<br />
Callsign. "This is the first step - along with<br />
finding a common language with customers<br />
around the threat of scams - towards<br />
repairing and rebuilding the trust that fraud<br />
can damage so easily, and better protecting<br />
a business' hard-won reputation."<br />
34<br />
computing security <strong>Jul</strong>y/<strong>Aug</strong>ust <strong>2023</strong> @<strong>CS</strong>MagAndAwards www.computingsecurity.co.uk