Ransomware groups have evolved their attack strategies to effectively hold victims hostage, and SMEs are facing higher volumes of threats than large businesses, according to a new report from Mimecast.
The company’s Q4 Threat Intelligence Report found that ransomware campaigns continued to grow in Q4 2023.
Ransomware attack methods have evolved from crypto-ransomware campaigns involving encrypting data and extorting victims for the decryption keys to breach-for-ransom campaigns involving stealing sensitive data and threatening to release it when paid, to double and even triple extortion strategies involving combining tactics to intensify the consequences for victims.
Mimecast Senior Director for Sales Engineering in APAC Garret O’Hara said the company blocked nearly 250 million attacks against Mimecast-protected systems in January alone, a new record high for the company.
“It’s striking that in a busy election year, with 76 countries due to go to the polls, geopolitical tensions have increased, leading to more cyber attacks, with over 100 hacker groups claiming participation in the Israel–Gaza conflict alone,” he said. “It is deeply concerning that nation-states are using cyber operations to gather intelligence on rival governments and attack critical infrastructure and information systems.
“Organisations must act to ensure they and their employees are protected against this continuing uptick in malicious activity. Our new report offers threat-specific countermeasures and general recommendations to help combat threats.”
The report also found that users at SMEs encountered more than twice the number of threats compared to users at large companies, with users at small businesses facing 31 threats per user and mid-sized businesses facing 32, compared to 15 for large enterprises.
Attacks on SMEs tend to be more focused on credential threats due to the comparatively greater share of employees in critical roles and their reliance on credential-based cloud services for much of their operations.
Finally, the report found that Q4 marked the first time users were more likely to encounter malicious links than malicious attachments, as attackers adjust their strategy to reduce their reliance on messages blocked as either spam or impersonation.