
Ransomware surge in 2023: Mandiant observes significant increase in attacks

GUEST RESEARCH: Mandiant has reported a notable resurgence in ransomware activity in 2023, reversing the slight decline observed in 2022. The surge includes a 75% increase in posts on data leak sites and a more than 20% rise in Mandiant-led ransomware investigations.

Key findings:

  • Increased ransomware activity: Over 50 new ransomware families and variants were detected, with one-third being variants of existing families.
  • Tools and tactics: Attackers predominantly used commercially available and legitimate tools for intrusions, with a noted decline in the use of Cobalt Strike Beacon and an increase in legitimate remote access tools.
  • Rapid deployment: Ransomware was deployed within 48 hours of initial access in almost one-third of incidents, with 76% of deployments occurring outside of work hours, primarily in the early morning.
  • Global impact: Victims spanned over 110 countries across various sectors, demonstrating the widespread impact of ransomware.
  • New tactics: Innovative methods were observed, including ALPHV operators creating a searchable victim data website and filing a complaint with the SEC against a victim.

The profitability of ransomware continues to drive threat actors, with 2023 seeing over US$1 billion paid to attackers. The resurgence follows a tumultuous 2022 marked by geopolitical events and internal disruptions among cybercriminals.

2023 marked the year with the highest volume of posts on shaming sites since we began tracking these sites in Q1 2020, with Q3 2023 breaking the quarterly record with more than 1,300 posts (Figure 2). Other indicators also support an increase in overall ransomware activity, including a 15% increase in unique sites with at least one post and a more than 30% increase in new data leak sites (DLS) in 2023 compared to 2022.

Approximately 30% of posts in 2023 were on newly identified DLS associated with various ransomware families, including Royallocker.Blacksuit, Rhysida, and Redbike (aka Akira). Notably, we identified limited overlaps with several of the top new DLS and tracked threat actors and/or previously observed ransomware families. It is plausible that at least some portion of the newly identified DLS activity is the result of previously established actors forming new alliances or rebrands rather than creating completely new offerings.

Mandiant directly observed more than 50 new ransomware families and variants in 2023, approximately the same as in 2021 and 2022. However, the proportion of new variants compared to families increased, with around one third of new families observed in 2023 being variants of previously identified ransomware families. This could suggest that threat actors are using their time and resources to update pre-existing ransomware families rather than creating new families from scratch.

While Mandiant has historically identified clear patterns in the most prominent day of the week for ransomware execution and a high volume of activity occurring outside of work hours, ransomware operators appeared to be less deliberate in their timing in 2023. About 75% of ransomware deployments appeared to occur outside of standard business hours, a slight reduction from 2021 and 2022, and ransomware execution was more evenly distributed across days of the week than in prior years.

In 2023, the number of days elapsed between the first evidence of malicious access and the deployment of ransomware varied widely, ranging from zero to 116 days.

In approximately 15% of incidents, ransomware was deployed within one day of initial attacker access, and almost one third of incidents involved ransomware execution within the first 48 hours of initial access.

The most common initial access vectors in 2023 involved stolen credentials or the exploitation of vulnerabilities in public-facing infrastructure.
