iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Ransomware groups, advanced persistent threats (APTs), and commodity attackers continue to compromise global businesses at scale, showing no signs of abating.
Just last month, the ALPHV (BlackCat) ransomware group struck TissuPath, a Melbourne-based pathology firm, capturing patient records and threatening to publish the stolen data within 48 hours if the ransom payment was not made.
To shed some light on threat activities like this, our research team at Rapid7 has released our 2023 Mid-Year Threat Review. This report offers a detailed snapshot of the current attack landscape and provides actionable guidance for organisations on protecting themselves from common threats.
During the first half of 2023, Rapid7 researchers tracked more than a dozen new vulnerabilities that were widely exploited. We also looked at 79 known state-sponsored attacks and gathered intelligence from various dark web forums and channels. In total, we recorded around 1,500 ransomware incidents across public reports and our own observations, representing a 69 per cent increase in incident response case volume.
Almost 40 per cent of the incidents that our consultants responded to resulted from either missing or insufficient multifactor authentication on VPNs and virtual desktop infrastructure. In general, we observed a lack of maturity in security measures and inadequate security practices.
On state-sponsored activity, one thing that stood out was the prevalent use of exploits to target public-facing government and critical infrastructure. Some of the technologies targeted are the same as what we see targeted in the private sector – routers, virtualisation platforms, and security appliances. Very often, these are the technologies to which we pay less attention when thinking about vulnerabilities, yet many of these services are critical components of day-to-day operations for both businesses and governments. They’re also prime targets for zero-day exploits. Cyber espionage, cyber warfare and financial gain were the main motives attributed to the state-sponsored threat campaigns.
Ransomware trends
While the top ransomware players remained relatively stable during the first half of 2023, the incidents tracked by our research team attributed the highest numbers to LockBit, BlackCat, and Clop, in that order. One of the notable new groups to emerge is Akira, which became active at the end of March 2023 and has hit at least 60 victims since then.
As we look ahead to 2024, we anticipate that extortion campaigns, similar to those used against MOVEit Transfer and GoAnywhere MFT users, will persist. These campaigns may include more smash-and-grab-style exploits targeting applications that store sensitive data.
Security hygiene
Growing cloud adoption and the current state of the mature and complex cyber crime ecosystem highlight the pressing need for businesses to establish and measure foundational security program elements. These include inventory and asset management capabilities and a proactive vulnerability risk management program.
As a priority, businesses must ensure multifactor authentication (MFA) is in place and enforced, especially on VPNs and virtual desktop infrastructure. Our incident response data indicates that businesses with programmatic gaps struggle to meet necessary regulatory compliance standards or lack the ability to quickly detect or recover from an attack.
As some of our report’s findings also indicate, basic security hygiene, such as enabling and enforcing MFA, significantly contributes to mitigating risk from a wide range of threats, including those posed by highly motivated adversaries.
In a persistently elevated cyber threat landscape, vigilance and proactive security measures are paramount. Likewise, as we navigate the challenges of ransomware, state-sponsored attacks, and evolving threats, it’s clear that organisations must embrace proactive security practices and adapt to the changing terrain.
Rob Dooley is the vice-president for Asia Pacific and Japan at Rapid7.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
