
Ransomware Payments Exceed $1 Billion in 2023, Hitting Record High After 2022 Decline


Chainalysis got everyone’s attention with their new report. They write, in part:

2023 marks a major comeback for ransomware, with record-breaking payments and a substantial increase in the scope and complexity of attacks — a significant reversal from the decline observed in 2022, which we forewarned in our Mid-Year Crime Update.

Ransomware payments in 2023 surpassed the $1 billion mark, the highest number ever observed. Although 2022 saw a decline in ransomware payment volume, the overall trend line from 2019 to 2023 indicates that ransomware is an escalating problem. Keep in mind that this number does not capture the economic impact of productivity loss and repair costs associated with attacks. This is evident in cases like the ALPHV-BlackCat and Scattered Spider’s bold targeting of MGM resorts. While MGM did not pay the ransom, it estimates damages cost the business over $100 million.

The following figure from their report captures 2023 in terms of the number of different groups, the median ransom payment and the frequency of payments per group. A text description is provided in their report.

Source: Chainalysis

Read more at Chainalysis.

Source…

WatchGuard report reveals decline in malware despite more campaigns


A recent Internet Security Report by WatchGuard Technologies, a global leader in unified cybersecurity, has unveiled some startling trends in the realm of cyber threats. The report, which analysed data from Q2 2023, highlights a decrease in endpoint malware volumes even as campaigns grow more expansive. It also points to a rise in double-extortion attacks and the continued exploitation of older software vulnerabilities by threat actors.

Corey Nachreiner, chief security officer at WatchGuard, emphasised the evolving nature of cyber threats. “The data analysed by our Threat Lab for our latest report reinforces how advanced malware attacks fluctuate in occurrence and multifaceted cyber threats continue to evolve, requiring constant vigilance and a layered security approach to combat them effectively,” he said. Nachreiner added that there is “no single strategy that threat actors wield in their attacks” and organisations must employ a “unified security approach” for their best defence.

One of the most alarming findings is that 95% of malware now arrives over encrypted connections. This means that organisations not inspecting SSL/TLS traffic at their network perimeter are likely missing most malware. The report also found that zero-day malware dropped to an all-time low of 11% of total malware detections. However, the share of evasive detections increased to 66% when inspecting malware over encrypted connections.

In terms of endpoint malware, overall volume decreased by a slight 8% in Q2 compared to the previous quarter. Despite this, detections seen on 10 to 50 systems increased in volume by 22%, and detections seen on 100 or more systems increased by 21%. “The increased detections among more machines indicate that widespread malware campaigns grew from Q1 to Q2 of 2023,” the report stated.

Double-extortion attacks have seen a significant rise, increasing 72% quarter over quarter. This comes even as ransomware detections on endpoints declined by 21% quarter over quarter and 72% year over year. The Threat Lab also noted the emergence of 13 new extortion groups.

The report also highlighted the resurgence of Glupteba, a multi-faceted loader, botnet, information stealer, and…

Source…

Hackers’ dwell time declines, but they are able to reach Active Directory very fast


Even as the cyber threat landscape becomes more complex and dangerous, awareness of the importance of guarding one’s digital properties and networks appears to be increasing. This is encouraging. But the bad news is that hackers are able to reach the Active Directory (AD), one of a company’s most critical assets, in less than a day.

AD typically manages identity and access to resources across an organisation, meaning an attacker who gains control of AD can easily escalate their privileges and then simply log in to carry out a wide range of malicious activity.

According to the latest report by cybersecurity company Sophos, the average dwell time (the time an intruder lurks around in a computer network or a device undetected) has come down to eight days from 10 days in the first half of 2023.

For ransomware attacks specifically, the dwell time is down to five days. In 2022, the median dwell time decreased from 15 to 10 days.


The Active Adversary Report for Tech Leaders 2023, which provides an in-depth look at attacker behaviours and tools during the first half of 2023, analysed Sophos’ Incident Response (IR) cases from January to July 2023.

“It took on average less than a day—approximately 16 hours—for attackers to reach Active Directory (AD),” he said.

“Attacking an organisation’s Active Directory infrastructure makes sense from an offensive view. AD is usually the most powerful and privileged system in the network, providing broad access to the systems, applications, resources, and data that attackers can exploit in their attacks,” John Shier, field CTO, Sophos, said.

“When an attacker controls AD, they can control the organisation. The impact, escalation, and recovery overhead of an Active Directory attack is why it’s targeted,” he said.

“Getting to and gaining control of the Active Directory server in the attack chain provides adversaries several advantages. They can linger undetected to determine their next move, and, once they’re ready to go, they can blast through a victim’s network unimpeded,” he said.

Full recovery from a domain compromise…

Source…

LockBit Ransomware Gang in Decline, May Be Compromised, Report


  • LockBit’s leadership vanished for two weeks in August 2023. This suggests that the gang may have been compromised or that there was internal conflict.
  • LockBit has been unable to consistently publish victim data. This has led to victims refusing to pay ransoms and affiliates leaving the program.
  • LockBit’s updated infrastructure is not as effective as it claims to be. This is evidenced by the fact that LockBit is still struggling to publish victim data.
  • LockBit’s affiliates are leaving for its competitors. This is because LockBit is not providing the support and resources that affiliates need.
  • LockBit ransomware gang missed its most recent release date. This suggests that the gang is struggling to develop new ransomware variants.
  • LockBit wants to steal ransomware from its rivals. This is a sign that LockBit is desperate and is willing to resort to unethical tactics to stay ahead of the competition.

LockBit, a prominent and infamous ransomware gang that has wreaked havoc across numerous industries, recently vanished from the cybercriminal scene, leaving affiliates and partners in a state of uncertainty. However, its reemergence after a brief hiatus has raised questions about its operational integrity.

A new report from Jon DiMaggio, Chief Security Strategist at Analyst1, “Ransomware Diaries: Volume 3 – LockBit’s Secrets” exposes LockBit’s activities, their targets, and the challenges they’ve been facing.

DiMaggio delved deep into LockBit’s operations and uncovered critical shortcomings in the gang’s modus operandi. In his extensive report, the researcher highlights LockBit’s struggles with data publication, deteriorating affiliate partnerships, and a lack of timely support responses. DiMaggio believes LockBit may have been compromised.

In 2022, LockBit reigned as the foremost ransomware group and Ransomware-as-a-Service (RaaS) provider globally. In a shift from traditional ransomware groups, LockBit’s unique approach involves maintaining the ransomware’s functionality, leasing access to it, and assisting affiliates in deploying attacks.

The model has enabled LockBit to foster a wide network of attackers, resulting in…

Source…