Weekly cyber attacks reach two-year high amid ransomware resurgence

The average weekly volume of cyber attacks reached a two-year high in the second quarter of 2023 amid a spike in activity among ransomware groups. 

Analysis from Check Point Research (CPR) found that the frequency of attacks increased by 8% in Q2, with organizations globally facing an average of 1,258 attacks each week.  A key factor in this surge lies in the evolution of “new evasive tactics”, combined with an increase in hacktivist-based attacks and increased ransomware group activity, the firm said.  Despite a reduction in attacks compared to the year prior, the education and research sector still remained the most-targeted industry during the second quarter, CPR noted. 

The average number of attacks per organization stood at 2,179, although this marked a 6% decrease compared to the same period in 2022. 

UK-based academic institutions have faced a barrage of attacks so far during 2023. In June, the University of Manchester experienced a highly disruptive cyber attack that exposed research data belonging to more than 1.1 million NHS patients. 

The healthcare industry has been a key recurring target for cyber criminals in recent years, with the sector experiencing a significant year-on-year increase in attacks during Q2.  Organizations operating in the sector faced an average of 1,744 attacks per week, marking a YoY increase of 30%.  Earlier this month, Barts NHS Trust, which serves more than 2.5 million patients across several hospitals, fell victim to the ALPHV ransomware gang

The group claimed to have stolen more than 70 terabytes of data, which it said marks the largest breach of healthcare data in the UK to date. 

 

Ransomware resurgence raises concerns

A resurgence in activity among high-profile ransomware groups has raised concerns among security researchers in recent months, CPR said. 

Alternative analysis from FlashPoint found that LockBit and Cl0p alone accounted for nearly 40% of all recorded ransomware attacks across June, with nearly half (47.5%) of these directly targeted US-based organizations.  

Both groups have been highly aggressive in recent weeks, with Cl0p claiming responsibility for the devastating MOVEit supply chain attack.  The file transfer platform is used by thousands of organizations globally, and initially impacted several UK firms including British Airways, Boots, and the BBC.  This incident prompted a domino effect of incidents worldwide following a breach at HR and payroll provider, Zellis. 

LockBit has also been highly active, claiming responsibility for an attack on a third-party supplier for Taiwanese chipmaker, TSMC. The group listed the chipmaker on its dark web blog and set a ransom at $70 million, marking one of the largest ever.  Continued threats for healthcare organizations may also raise concerns amid the increase in LockBit attacks highlighted by Flash Point. The ransomware group has traditionally targeted organizations operating in the sector. 

In August last year, the group claimed responsibility for an attack on a French hospital that saw sensitive patient data leaked after its $10 million ransom was refused.  The observations on the leading ransomware organizations come against a backdrop of rising attacks generally across the industry.A report published earlier this month noted a 48% year-on-year increase in attacks.

Chainalysis’ annual Crypto Crime report, also published earlier this month, noted that ransomware affiliates have returned to their old habits of targeting larger organizations.

Ransomware criminals have for years switched between targeting organizations of different sizes, with efforts from the past few years thought to have been focused more on smaller firms with comparatively less robust defenses than larger enterprises.

 

Overlooked vulnerabilities

Running in parallel to a surge in cyber attacks, FlashPoint research highlighted a concerning trend of overlooked or missing vulnerability disclosures in June.  1,828 new vulnerabilities were reported across the month. However, 395 of these were missed by the Common Vulnerabilities and Exposures (CVE) program.  More than one-third (35%) of these were rated as high or critical vulnerabilities, which the firm warned is putting organizations at heightened risk. 

“If exploited, these issues could pose a significant security risk”, the firm said in a blog post

Source: Weekly cyber attacks reach two-year high amid ransomware resurgence | ITPro

Related Items