Over the past year, ransomware attacks have grown more sophisticated. Groups have implemented new evasion techniques and crafted stealthier variants. Cyble, a leading cyber threat intelligence firm, has released its Q3 Ransomware Report. This summary delves into the major developments of Q3 2023, providing a snapshot of key targets, emerging tactics, and potential future trends.
Major Findings from the Report:
Weaponizing Vulnerabilities: There’s a rising trend of exploiting vulnerabilities, especially in Networking devices, to deploy ransomware. Recent significant breaches, such as the MOVEit vulnerability and Barracuda Networks supply chain attack, underscore this threat.
Sectoral Changes: The Healthcare industry is now a prime target, representing nearly 25% of all ransomware attacks. The vast digital landscape in healthcare, including websites, IoT devices, and supply chains, makes it susceptible.
High-income Organizations in the Spotlight: Ransomware groups often target high-revenue organizations, such as those in Professional Services, IT & ITES, and Construction, due to their financial capabilities and valuable data.
US: A Prime Target: The United States remains the top target for ransomware, enduring more attacks in Q3 2023 than the next ten countries combined. The UK, Italy, and Germany follow in terms of attack volume.
Ransomware Groups: While LOCKBIT remains dominant, new groups like Cactus, INC Ransom, and Knight Ransomware are emerging as significant threats.
Ransomware Languages: The use of Rust and GoLang is increasing among ransomware groups, making detection and analysis more challenging.
Employee Training: Organizations are emphasizing cybersecurity training, with focus areas including phishing and social engineering identification.
Incident Response: Comprehensive response plans, including legal protocols and quarantining procedures, are being developed.
Enhanced Backups: A major focus is on backing up sensitive data and creating recovery processes.
Advanced Security Measures: The adoption of Zero-Trust Architecture and Multi-Factor Authentication is growing to reduce breaches.
Collaboration: Industry-specific Information Sharing and Analysis Centers (ISACs) have been formed, and there’s increased collaboration with law enforcement.
Threat Intelligence Platforms: Organizations are leveraging these platforms for real-time threat intelligence.
Vulnerability Management: The emphasis is on keeping all essential software updated and patched.
Supply Chain Security: Risk assessments are being conducted to ensure a secure supply chain.