CS Jul-Aug 2023

ansomware attacks
Chester Wisniewski, Sophos: most victims
will not be able to recover all their files by
simply buying the encryption keys.
Steve O'Malley, Callsign: Organisations need
a comprehensive approach, including using
anti-fraud technologies that address all kinds
of fraud.
continue to hit record levels, with 434 attacks
in June 2023, a 221% increase on the same
period last year (135 attacks - June 2022).
June's high levels of activity has been mostly
driven by Russian-speaking threat actor
Clop's exploitation of the MOVEit file transfer
software vulnerability, consistently high levels
of activity by groups such as Lockbit 3.0 and
the emergence of several new groups since
May, says NCC. Clop was responsible for 90
of the 434 attacks (21%) in June.
LOCKED IN
Lockbit 3.0, the most active threat actor of
2023 so far, was responsible for 62 of the
attacks, a fall of 21% from 78 attacks in May.
8base, a new threat actor discovered in May,
stepped up activity with 40 attacks (9%) in
June - making it the third most active threat
group that month. Other notable activity
included 17 attacks from Rhysida and nine
attacks from Darktrace, two ransomware-asa-service
(RaaS) groups that were first
observed in May 2023.
"The considerable spike in ransomware
activity so far this year is a clear indicator of
the evolving nature of the threat landscape,"
states Matt Hull, global head of threat intelligence
at NCC Group. "The better-known
players, such as Lockbit 3.0, are showing no
signs of letting up, newer groups like 8base
and Rhysida are demonstrating what they're
capable of and Clop have exploited a major
vulnerability for the second time in just three
months.
"It's imperative that organisations should
remain vigilant and adapt their security
measures to stay one step ahead,” he adds.
“We strongly advise any organisation using
MOVEit file transfer software to apply the
recent patch, given this vulnerability is being
actively exploited."
SCAMS: KNOCK-ON IMPACT
Meanwhile, Callsign has issued the results of
its annual scams research, revealing what it
describes as "the true extent of the damage
that scams have to business reputation".
Data from 8,000 consumers polled in nine
countries - 1,000 in the UK - about their
experiences of scams has identified a 40%
increase in UK consumers who have received
a scam message, compared to 2021. 23% of
those who have received a scam message
said this was enough for them to stop using
the company or service associated with the
message.
The research found that over a third (38%)
of UK respondents have lost money to scams
and 35% hadn't received any form of reimbursement
from their bank after becoming
a victim of fraudulent activity.
The types of 'scams' consumers said they
can protect themselves from included all
types of fraud such as phishing for PII data,
romance scams, investment fraud, bots or
malware for account take over purposes,
and other undisclosed vectors.
WHAT DENOTES A ‘SCAM’
However, while the definition of what
constitutes a scam varies across regions and
financial institutions (FIs), only authorised
fraud, such as authorised push payments
(APP), are generally considered by a FI to be
a scam. There appears to be a language gap
between FIs and consumers when it comes
to scams. It is possible the risk to corporate
reputation is being underestimated by FIs,
because banks' reputations are being
impacted by fraud more broadly than just
scams.
"Organisations need a comprehensive
approach, including using anti-fraud
technologies that address all kinds of fraud,"
says Steve O'Malley, chief revenue officer,
Callsign. "This is the first step - along with
finding a common language with customers
around the threat of scams - towards
repairing and rebuilding the trust that fraud
can damage so easily, and better protecting
a business' hard-won reputation."
34
computing security July/August 2023 @CSMagAndAwards www.computingsecurity.co.uk