Following year-end ransomware storm, leaders expect a sea of trouble in 2023

With the year ending with ransomware attacks and 2023 beginning with a big data breach at T-Mobile, leaders are bracing for the storms ahead.

Image: artboyshf142/Adobe Stock

2022 was a mixed year for cybersecurity that ended with some worrying trends, and with an acknowledgment at the World Economic Forum that 2023 could see major new attacks.

Monitoring threat surfaces requires time, energy, and vigilance, because malicious actors do the same. Keep an eye out for any potential threat of sideloading, credential theft, malware injection, Trojan attack, or other exploits. Censys, which sponsored this publication, makes web intelligence its entire focus area, with a daily comprehensive Internet scan providing best-in-class visibility for threat hunters, attack surface managers, and other security professionals.

In fact, while the ransomware curve seemed to be going down last year, NCC Group reported that December saw a rapid increase in ransomware attacks, particularly from the BlackCat threat group. The group increased its attacks by 100% from 15 attacks in November to 30 in December, the most attacks the criminal group has carried out in a single month.

Earlier this month, security group Cloudflare reported a 79% increase in DDoS attacks in Q4 2022, with more than 16% of respondents saying they had received a threat or ransom demand along with the DDoS attacks.

Business and cyber leaders are stacking sandbags against cyberattacks

A newly released WEF report, Global Cybersecurity Outlook 2023, found that business leaders are “much more aware” of the cyber threat than they were the year before. About 93% of cybersecurity respondents predicted a far-reaching, catastrophic cyber event within 24 months.

The report said that:

  • Nearly 75% of cybersecurity and business leaders plan to strengthen policies and practices for engaging directly connected third parties that have data access.
  • Some 29% of business leaders vs. 17% of cyber leaders strongly agree that increased industry-wide enforcement would increase cyber resilience.
  • Three-quarters of organization leaders said that global geopolitical instability has influenced their cybersecurity strategy.
  • Respondents think artificial intelligence and machine learning (20%), increased adoption of cloud technology (19%), and advances in user identity and access management (15%) will have the most influence on their cyber risk strategies over the next two years.

Breaking down silos is key to a successful security strategy

WEF survey respondents who reported successful changes to their cybersecurity strategy cited organizational structures that supported interaction between cyber leaders, business leaders across functions, and boards of directors, working toward collaboration on digital resilience across all business activities.

During an interview in Davos, Sadie Creese, a professor of cybersecurity at the University of Oxford, praised cyber resilience.

“There is no such thing as 100% security,” Creese said. “It’s about resilience in the face of insecurity.”

Detection is half the resilience. Censys, a leading Internet intelligence platform for threat hunting and exposure management, performs daily scans of 101 protocols on the top 3,500+ ports on a key Internet protocol, IPv4, and its top 100 ports to provide best-in-class visibility to threat hunters, attack surface managers, and other security professionals.

In the survey, 95% of business executives and 93% of cyber executives, with the latter number exceeding 75% by 2022, agreed that cyber resilience is integrated into their organization’s enterprise risk management strategies.

Q4 2022 saw increased activity from new threat players

In its review of year-end cyber events, NCC Group found:

  • There were 269 ransomware attacks in December, an increase of 2% compared to November (with 265 attacks) and against the trend of the previous year, which saw declines during the holiday season.
  • December saw the highest number of ransomware victims since peaks in March and April last year.
  • LockBit 3.0 regained its leading position with 19% of attacks, followed by BianLian (12%) and BlackCat (11%).
  • BianLian saw a 113% increase in ransomware activity in December vs. November.
  • Play, discovered in July 2022 and targeting government sectors in Latin America, had four victims (15% of attacks).

NCC Group expects LockBit 3.0 to hold onto the top spot for the foreseeable future after the group slipped to third place in November. The sectors it targets most remain largely similar to previous months with little deviation: industrials (30%), consumer cyclical (14%), and technology (11%).

Meanwhile, BianLian, with victims in the education, technology and real estate sectors, has released the names of the victims in stages, using asterisks or question marks to censor them. NCC Group opined that this screw-tightening tactic is intended to entice organizations to pay. They said they have noticed two other hacker groups using this approach.

  • North America was the target of 120 ransomware attacks (45%), making it the most attacked region, followed by Europe with 72 attacks (27%) and Asia with 33 attacks (12%).
  • Consumer cyclicals (44%) and industrials (25%) continue to be the top two sectors hit the hardest by ransomware attacks. The tech sector (11%) experienced 34 ransomware incidents, up 21% from the 28 attacks reported in November.

NCC Group reports a family resemblance between the Play, Hive, and Nokoyawa ransomware variants: the file names and file paths of their respective tools and payloads are similar.

“While December saw some stability in the volume of ransomware attacks, this was a departure from what we typically see,” said Matt Hull, NCC Group’s global head of threat intelligence. “Over the seasonal period, we have come to expect a decline in attack volume, as evidenced by the 37% decline over the same period last year.”

New malware hits the beachhead

A research team from cybersecurity firm Uptycs reported that it discovered a campaign involving malware called Titan Stealer, which is being traded and sold through a Telegram channel. The group said the malware can exfiltrate credential data from browsers and crypto wallets, FTP client details, screenshots, system information, and captured files.

The malware creation tool has a user experience that allows attackers to specify information to steal and file types to extract from the victim’s machine.

Because ransomware and DDoS variants, worms, viruses, and other exploits are generally trending upward, and are largely automated and programmatic, companies should conduct security risk assessments at least annually. Consider using a checklist, such as the TechRepublic Premium xlsx file.

Censys’ highly structured data allows threat hunters to identify unique features of attacker-controlled infrastructure and easily locate hosts. Last year, for example, Censys found a ransomware command and control network capable of launching attacks, including a host located in the US.

James D. Brown