CS Mar-Apr 2024
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
ansomware<br />
NEW THREAT ACTORS SEND RANSOMWARE ATTACKS SOARING<br />
SOPHISTICATED ATTACK METHODS SURFACE, WITH HEALTHCARE BECOMING A PROMINENT TARGET<br />
In December last year, global levels of<br />
ransomware attacks fell by 12% from<br />
November, with a total of 391 cases,<br />
compared to 442 in the previous month,<br />
according to NCC Group's December Threat<br />
Pulse. Good news? Not really. The figure<br />
for December took the total number of<br />
ransomware attacks in 2023 to 4,667 -<br />
far beyond NCC Group's initial expectations<br />
that cases would hit 4,000. The annual total<br />
marks an 84% increase from all recorded<br />
ransomware attacks in 2022.<br />
Despite the usual threat groups responsible<br />
for ransomware attacks, December 2023<br />
saw three new groups enter the top ten most<br />
active. Data reveals that newcomer Hunters<br />
ranked in fifth place with 22 cases (6% of<br />
total). The group is believed to be a rebrand of<br />
Hive, dismantled by Europol and the FBI earlier<br />
in 2023. DragonForce ranked in sixth spot,<br />
responsible for 21 cases (5%), and has been<br />
active since Summer 2022. WereWolves also<br />
joined the ranking in tenth spot, with<br />
speculation that they are a LockBit affiliate.<br />
North America and Europe remained the<br />
two most targeted regions in December, with<br />
80% of global attacks between them. North<br />
America experienced 51% (199) of all attacks,<br />
down from 219 in November, with 114<br />
attacks in Europe marking a 29% regional<br />
reduction in cases. Claiming third place,<br />
Asia witnessed 37 attacks, also representing<br />
a decrease of 20%.<br />
Most notably, the data also reveals that<br />
attacks in Russia rose in December to 12<br />
cases, accounting for 11% of all attacks levied<br />
against targets in Europe, compared to the<br />
whole of 2023.<br />
Despite healthcare not placing in the top<br />
three most targeted sectors, it is now regarded<br />
as frequently at risk of ransomware attacks.<br />
Following October and November, where it<br />
was in the top three most targeted sectors,<br />
the total volume of ransomware attacks on<br />
healthcare in 2023 has resulted in it being<br />
considered at similar risk to other sectors.<br />
INCREASED ACTIVITY<br />
OF MALWARE FAMILIES<br />
In December, malware families (a group of<br />
applications with similar attack techniques)<br />
were more active than previous months. Two<br />
malware families, Hydra mobile malware and<br />
the unexpected activity of Qakbot, following<br />
the malware family's infrastructure take-down<br />
at the end of August, were notable.<br />
The infostealer Meduza Stealer also<br />
resurfaced in December, with a new version<br />
to help cybercriminals make their attacks<br />
more sophisticated through methods such<br />
as accounts takeover (ATO), online-banking<br />
theft and financial fraud. The re-emergence<br />
of significant malware families helps attackers<br />
to develop their own methods of gathering<br />
intelligence and understanding vulnerabilities,<br />
to prepare for the delivery of ransomware to<br />
their victims.<br />
Matt Hull, global head of threat intelligence<br />
at NCC Group, comments: ""Closing 2023<br />
with over 4,000 global ransomware attacks is<br />
reflective of the sharp rise of cyber-criminal<br />
activity, compared with 2022. Over the year<br />
we've seen the development of sophisticated<br />
attack methods, allowing both new and old<br />
threat groups to exploit vulnerabilities of<br />
victims across a range of sectors and, in particular,<br />
present threats to healthcare where we've<br />
seen notable successful attacks over the last<br />
12 months, with vast volumes of data being<br />
compromised."<br />
Matt Hull, NCC Group: sharp rise seen<br />
in cyber-criminal activity in 2023.<br />
www.computingsecurity.co.uk @<strong>CS</strong>MagAndAwards <strong>Mar</strong>ch/<strong>Apr</strong>il <strong>2024</strong> computing security<br />
29