With the year ending with ransomware attacks and 2023 beginning with a major data theft against T-Mobile, leaders are preparing for the storm ahead.
It was a mixed year for cyber security in 2022 that ended with some troubling trends, with an acknowledgment at the World Economic Forum that 2023 could see major new attacks.
Monitoring threat surfaces takes time, energy, and vigilance, because that’s how malicious actors are working. Security teams should watch for every potential threat of sideloading, credential theft, malware injection, trojan attack or other exploits. Sensis, which sponsored this post, makes web intelligence its overall area of focus, providing best-in-class visibility to threat hunters, attack surface managers and other security professionals with comprehensive daily Internet scanning.
In fact, while the ransomware curve was going down last year, NCC Group reported that December saw a sharp increase in ransomware attacks, particularly from the threat group Blackcat. The group increased its attacks by 100% from 15 attacks in November to 30 in December, the largest number of attacks carried out by a criminal group in a single month.
Earlier this month, security group Cloudflare reported a 79% increase in DDoS attacks in the fourth quarter of 2022, with more than 16% of respondents to their survey saying they received threats or ransom demands in conjunction with DDoS attacks.
Business and cyber leaders are sandbagging against cyberattacks
The recently released WEF report, Global Cyber Security Outlook 2023, found that business leaders are “far more aware” of cyber threats than in the previous year. Nearly 93% of cyber security respondents predicted a far-reaching and catastrophic cyber incident within 24 months.
The report states that:
- Nearly 75% of cybersecurity and business leaders plan to strengthen policies and practices for engaging direct-connection third parties with data access.
- Some 29% of business leaders versus 17% of cyber leaders strongly agree that more sector-wide regulatory enforcement will increase cyber resilience.
- Three-quarters of organization leaders said that global geopolitical instability has affected their cyber security strategy.
- Respondents expect advances in artificial intelligence and machine learning (20%), greater adoption of cloud technology (19%), and user identity and access management (15%) to have the most impact on their cyber risk strategies over the next two years.
Breaking down silos is key to a successful security strategy
WEF survey respondents who reported successful changes in their cyber security strategy cited organizational structures that supported dialogue between cyber leaders, business leaders across functions, and boards of directors for collaboration on digital resilience in business activities.
During an interview in Davos, Sadie Craze, professor of cyber security at the University of Oxford, gave a shoutout to cyber resilience.
“There is no such thing as 100% security,” he said. “It’s about resilience in the face of vulnerability.”
Detection is half of the flexibility. Sensis, a leading Internet intelligence platform for threat hunting and exposure management, conducts daily scans of 101 protocols across the top 3,500+ ports on a major Internet protocol, IPv4, and its top 100 ports to give best-in-class visibility to threat hunters, attack surface managers, and other security professionals.
In the survey, 95% of business executives and 93% of cyber executives — with the latter figure rising from 75% in 2022 — agreed that cyber resilience is integrated into their organization’s enterprise risk-management strategies.
Q4 2022 sees an increase in activity from new threat players
In its year-end review of cyber incidents, NCC Group found:
- There were 269 ransomware attacks in December, a 2% increase over November (at 265 attacks), and in line with last year’s trend, which decreased during the holiday season.
- December saw the highest number of ransomware victims since peaks in March and April last year.
- LockBit 3.0 took the lead for 19% of attacks, followed by BianLian (12%) and BlackCat (11%).
- BianLian observed a 113% increase in ransomware activity in December versus November.
- Play, discovered in July 2022, is aimed at government sectors in Latin America, with four victims (15% of attacks).
NCC Group expects LockBit 3.0 to hold the top spot in the near future after the group fell to the third spot in November. Its most targeted sectors remained largely the same as in previous months – with slight deviations – industrials (30%), consumer cyclicals (14%) and technology (11%).
Meanwhile, BianLian has worked with victims in the education, technology and real estate sectors to release victims’ names in stages, using an asterisk or question mark as the censor. NCC Group said that the strategy of tightening the screws is aimed at motivating the organizations to pay. It said it has seen two other hacker groups using this approach.
- North America was the target of 120 ransomware attacks (45%), making it the most targeted region, followed by Europe with 72 attacks (27%) and Asia with 33 attacks (12%).
- Consumer cyclicals (44%) and industrial (25%) remain the top two most targeted sectors for ransomware attacks. The technology sector (11%) experienced 34 ransomware incidents, a 21% increase from the 28 attacks reported in November.
The NCC Group reports a family resemblance between the Play, Hive and Nokoyawa Ransomware variants: the file names and file paths of their respective tools and payloads are identical.
“While December saw some stability in the volume of ransomware attacks, it was an aberration from what we normally see,” said Matt Hull, global head of threat intelligence at NCC Group. “During the seasonal period, we have come to expect a drop in the volume of attacks, as shown by a 37% reduction over the same time last year.”
New malware hits the beach
A research team from cyber security firm Uptycs reported that they discovered a campaign linked to a malware called Titan Stealer, which is being marketed and sold through Telegram channels. The group said the malware can exfiltrate credential data from browsers and crypto wallets, FTP client details, screenshots, system information and captured files.
The builder tool for the malware has a UX that lets attackers specify information to steal and file types to remove from a victim’s machine.
Because ransomware and DDoS variants, worms, viruses, and other exploits are generally more prevalent, most of them automated and programmatic, companies should conduct security risk assessments at least annually. Consider using a checklist – such as TechRepublic Premium’s xlsx file.
Sensis’s highly structured data enables threat hunters to identify unique characteristics of attacker-controlled infrastructure and locate hosts with ease. Last year, for example, Sensis found a ransomware command and control network capable of launching attacks, including a host located in the U.S.