NCC Group published its annual Threat Monitor Report for 2023 Thursday and revealed an 84% increase in ransomware attacks compared to the previous year. The IT services and consulting firm detailed the rising threats, active threat actors, and recommendations for mitigating emerging risks such as supply chain attacks. The report was based on data gathered by NCC Group’s Cyber Incident Response Team (CIRT).
Despite the success of coordinated law enforcement initiatives and government actions in combating ransomware, the staggering increase in attacks points to the persistence and adaptability of threat actors in the cybersecurity landscape.
Law enforcement achievements over the past year, including the temporary disruption of the BlackCat/Alphv ransomware group, the arrest of alleged LockBit affiliate Ruslan Astamirov, and the takedown of the Qakbot malware, showcased progress in combating ransomware. However, the report highlighted the sheer volume of ransomware victims recorded in 2023 as evidence that no organization is immune to such attacks.
According to the report, targeting of sectors like finance remained consistent, with players like LockBit and BlackCat/Alphv maintaining their activity levels. Despite this, the total number of attacks rose significantly, with September marking the highest number of ransomware attacks per month.
NCC Group partially attributed the remarkable increase in ransomware attacks to threat actors taking advantage of double and triple extortion methods, DDoS attacks, and public data leak sites to compel victim organizations to pay ransoms. Additionally, the report noted that ransomware actors extended their extortion threats to include victim organizations’ customers, friends, and family members.
New players in the ransomware threat landscape also contributed to the surge in attacks in 2023, as NCC Group observed the arrival of three new ransomware groups in December alone. These new ransomware gangs, including Play, 8Base, Medusa, and BianLian, entered the top 10 most active threat actor groups for 2023, contributing to the overall increase in ransomware incidents.
Furthermore, the report highlighted the elevated activity of LockBit and version 3.0 of its ransomware, indicating the dominance of this threat group. The Clop ransomware gang also experienced a significant increase in attacks, with the gang claiming the third most active threat actor spot.
Mass exploitation attacks, particularly against vulnerable MFT products, significantly contributed to the success of the Clop ransomware gang, emphasizing the need for organizations to evaluate their third-party security posture and supply chain exploitability.
NCC Group warned that ransomware operators are now targeting large software developers and managed service providers, underlining the need for organizations to consider the potential impact on their supply chain and implement efficient patch management programs.
Despite the rise in ransomware attacks, unauthorized access and phishing remained the top two attack categories in NCC Group’s report. The firm emphasized the importance of timely patching and mitigation of known vulnerabilities to prevent such incidents.
Moreover, NCC Group discussed the potential risks and benefits of generative AI, emphasizing the need for caution when leveraging such technologies to avoid malicious activities.
With the evolving landscape of cyber threats, it is imperative for organizations to remain vigilant and proactive in strengthening their security postures and mitigating potential risks. The insights from NCC Group’s annual report serve as a valuable guide for organizations to navigate the complex and challenging cybersecurity landscape and protect themselves from ransomware and other emerging threats.