Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits


The number of organizations that became victims of ransomware attacks surged 143% between the first quarter of 2022 and first quarter of this year, as attackers increasingly leveraged zero-day vulnerabilities and one-day flaws to break into target networks.

In many of these attacks, threat actors did not so much as bother to encrypt data belonging to victim organizations. Instead, they focused solely on stealing sensitive data and extorting victims by threatening to sell or leak it to others. The tactic left even those with otherwise robust backup and restoration processes backed into a corner.

A Surge in Victims

Researchers at Akamai discovered the trends when they recently analyzed data gathered from leak sites belonging to 90 ransomware groups. Leak sites are locations where ransomware groups typically release details about their attacks, victims, and any data that they might have encrypted or exfiltrated.

Akamai’s analysis showed that several popular notions about ransomware attacks are no longer fully true. One of the most significant, according to the company, is a shift from phishing as an initial access vector to vulnerability exploitation. Akamai found that several major ransomware operators are focused on acquiring zero-day vulnerabilities — either through in-house research or by procuring them from gray-market sources — to use in their attacks.

One notable example is the Cl0p ransomware group, which abused a zero-day SQL-injection vulnerability in Fortra’s GoAnywhere software (CVE-2023-0669) earlier this year to break into numerous high-profile companies. In May, the same threat actor abused another zero-day bug it discovered — this time in Progress Software’s MOVEit file transfer application (CVE-2023-34362) — to infiltrate dozens of major organizations globally. Akamai found Cl0p’s victim count surged ninefold between the first quarter of 2022 and the first quarter of this year after it started exploiting zero-day bugs.

Although leveraging zero-day vulnerabilities is not particularly new, the emerging trend among ransomware actors to use them in large-scale attacks is significant, Akamai said.

“Particularly concerning is the in-house development of zero-day…
