A recent report by Corvus Insurance found that nearly 30% of ransomware attacks began with attackers exploiting vulnerabilities in virtual private networks (VPNs) and weak passwords. The attackers targeted businesses running outdated software or VPN accounts that lacked adequate protection, for example accounts with common usernames like “admin” or “user” and no multi-factor authentication (MFA). Such accounts were exposed to automated brute-force attacks, which gave cybercriminals easy access to networks with minimal effort.
Corvus Chief Information Security Officer (CISO) Jason Rebholz emphasized the importance of strengthening cybersecurity defenses with multi-layered security measures beyond MFA. He highlighted the need for secure access controls to address current and future vulnerabilities in light of the increasing sophistication of cyber threats targeting businesses.
The surge in ransomware attacks during the third quarter was alarming, with Corvus identifying 1,257 attacks, following a record high of 1,248 attacks in the previous quarter. Five groups were responsible for 40% of the Q3 attacks: RansomHub, PLAY, LockBit 3.0, MEOW, and Hunters International. RansomHub emerged as the most active group, reporting 195 victims, a significant increase from the previous quarter.
Despite the concentrated sources of these attacks, the ransomware ecosystem expanded with a total of 59 identified groups by the end of Q3. New entrants into the cybercriminal space pose a growing threat, as seen with RansomHub quickly rising to prominence after the takedown of LockBit in the first quarter of 2024. RansomHub has targeted over 290 victims across various sectors, underscoring the evolving nature of ransomware threats.
The construction industry bore the brunt of ransomware attacks in Q3, with 83 reported victims, a 7.8% increase from the previous quarter. Ransomware groups like RansomHub specifically targeted infrastructure-related sectors, highlighting the sector’s vulnerability. Healthcare organizations also experienced a spike in attacks, with 53 reported victims, a 12.8% increase from Q2.
While the IT services sector saw a slight decline in attacks, with 49 victims compared to 54 in Q2, the systemic risks associated with attacks on IT providers remain a concern. An attack on a single IT provider can have far-reaching consequences, impacting multiple customer environments, which makes such providers a priority target for ransomware groups.
Overall, the escalation of ransomware attacks fueled by VPN vulnerabilities and weak passwords underscores the pressing need for businesses to fortify their cybersecurity defenses. Implementing robust security measures, including secure access controls and multi-factor authentication, is essential to mitigate the growing threat landscape and safeguard against future attacks.