Tag Archive for: rise.

Amount in crypto stolen via hacking fell in 2023 but number of cases on the rise

/in


SINGAPORE – The amount of stolen cryptocurrency from hacking may have fallen globally in 2023, but the number of incidents has risen, a report by blockchain research firm Chainalysis said.

The firm on Jan 24 said global funds stolen via crypto hacking plunged by about 54.3 per cent to US$1.7 billion (S$2.3 billion) in 2023 compared with the year before.

However, the number of individual hacking incidents grew 5.5 per cent the same year to 231, from 219 in 2022.

Hacking refers to the unauthorised access, manipulation or exploitation of computer systems, networks or information.

The report said cryptocurrency hacking has become a pervasive and formidable threat that has led to billions of dollars stolen from crypto platforms and exposing vulnerabilities across the ecosystem.

The drop in the amount stolen via crypto hacking in 2023 is largely because of a fall in decentralised finance, or DeFi, hacking. DeFi refers to a new financial system where transactions are made peer to peer on public blockchains.

“Hacks of DeFi protocols largely drove the huge increase in stolen crypto that we saw in 2021 and 2022, with cyber criminals stealing US$3.1 billion in DeFi hacks in 2022. But in 2023, hackers stole just US$1.1 billion from DeFi protocols. This amounts to a 63.7 per cent drop in the total value stolen from DeFi platforms year over year,” said Chainalysis.

The fall in the value and number of DeFi hacks come as DeFi operators become better at smart contract security, the report said.

Smart contracts are self-executing contracts on the blockchain, with the terms of the agreement directly written into code.

Ms Mar Gimenez-Aguilar, lead security architect and researcher at Web3 and blockchain security firm Halborn, said in the report that the rise in security measures in DeFi protocols is a key factor in lowering the number of hacks linked to smart contract vulnerabilities.

“If we compare the top 50 hacks by value lost from 2023 with those from previous years, there is a reduction in losses from 47 per cent of the total to 18.2 per cent,” she said.

Ms Gimenez-Aguilar said price manipulation attacks remained almost constant, with around 20 per cent of the total value…

Source…

Ransomware attacks in November rise 67% from 2022

/in


  • Total ransomware cases up 30% from October
  • Industrials (33%), Consumer Cyclicals (18%), Healthcare (11%), remain most targeted sectors
  • North America (50%), Europe (30%) and Asia (10%) continue to be top three targeted regions

Global levels of ransomware attacks rose 30% in November, with a total of 442 attacks, following a lower volume of attacks in October (341) according to NCC Group’s November Threat Pulse.

As the third most active month of the year, ransomware levels in November have taken the total number of global ransomware attacks to 4,276 cases so far, surpassing predictions that the total figure would hit 4,000 with one month of 2023 still to go.

Industrials sector continues to be hardest hit

Following the trends witnessed across the year so far, Industrials was the most targeted sector in November, with 146 (33%) of all attacks, marking a 28% increase from October (114 attacks).

The data reveals that Industrials continue to be prime targets for the breadth and diversity of organizations in the sector and their vast amounts of PPI and IP data. As Industrials are focused on digitalization to enhance efficiency and productivity, there is a greater risk of ransomware attacks.

Consumer Cyclicals is the second most targeted sector with 78 (18%) of attacks, with Healthcare also holding its third place spot from October with 50 (11%) of attacks. Another month of high levels of ransomware for healthcare indicates a concrete shift in the threat landscape for the sector.

LockBit remains a dominant player

In November, LockBit was the most active threat actor, with a 73% month-on-month increase in activity from 66 attacks recorded in October. Data from across this year shows that LockBit has maintained its position as the most prominent threat actor, except in the months March, June and July when CLOP’s mass exploitation of GoAnywhere and MOVEit vulnerabilities put them in top spot.

BackCat takes second place in November with 49 (11%) of attacks and a month-on-month increase of 58%. Play drops down from the 2nd most active group in October to third in November, responsible for 10% of all attacks. November’s data marks the most active month for Play recorded by NCC Group….

Source…

WatchGuard reveals rise in remote access software exploits

/in


WatchGuard Technologies, a leading provider of unified cybersecurity, has released their latest Internet Security Report that reveals a rise in cyber actors exploiting remote access software, increases in the use of password-stealers and info-stealers, and an 89% expansion in endpoint ransomware attacks.

The report, compiled by WatchGuard Threat Lab researchers, also found a decline in malware arriving over encrypted connections. Additionally, the study shows that cyber threat actors are pivoting from script-based methods to other ‘living-off-the-land’ techniques to launch endpoint attacks.

According to Corey Nachreiner, the Chief Security Officer at WatchGuard, the continued evolution of attack methods necessitates heightened attention to recent tactics for businesses to reinforce their security strategies. He emphasised the importance of social engineering education in conjunction with a unified security approach incorporating layered defence strategies, all of which can be effectively managed by service providers.

The Internet Security Report for Q3 2023 highlighted several notable key points. For instance, cyber attackers increasingly use remote management tools and software to circumvent anti-malware detection. An example provided by the report notes a tech support scam resulting in the user downloading an unauthorised version of TeamViewer, allowing the attacker full remote access to the computer.

Q3 of 2023 also saw the variant ‘Medusa’ surge, driving a quarter-to-quarter increase of 89% in endpoint ransomware attacks. In response to heightened protections around PowerShell and other scripting, threat actors instead pivoted to utilising different ‘living-off-the-land’ techniques. Malware arrival via encrypted connections declined to 48%, yet total malware detections rose by 14%.

The report also reveals the increase of ‘commoditised malware’. A new malware family, Lazy.360502, emerged in the top ten list, proving to be a dual threat as it delivers an adware variant (2345explorer) as well as the Vidar password stealer. The increased use of this malware, supplied by a Chinese website, indicates a growing trend towards ‘password-stealer-as-a-service’.

Overall, the…

Source…

Ransomware Payments Down By 40% in 2022 | Is Ransomware Still on the Rise? | by Dominic Alegrete | Nov, 2023

/in


Ransomware groups extorted $456.8 million from organizations in 2022, less than the last two years.

2022 saw a lot of attacks such as phishing, DDoS, and ransomware, specifically ransomware groups extorting $456.8 million from companies. This marked a drop in money extorted by 40% from the previous two years that saw record-breaking highs with it being $765 million.

The decline in ransomware profits isn’t from fewer attacks but is stimulated by victims deciding not to pay the hackers. Ransomware in general was very active in 2022, with thousands of file-encrypting malware strains targeting organizations of all sizes and sectors.

Due to payments decreasing this also resulted in the average lifespan of a ransomware strain dropping from 153 days in 2021 to just 70 in 2022. Despite multiple extortion tactics such as leaking data and file encryption of DDoS attacks, victims are still refusing to pay the ransom and meet the attacker’s demands.

Coveware a cyber threat intelligence firm has identified the trend since 2019 and stated that the victim paying rates are constantly going down. In 2019 76% of victims decided to pay the ransom while 26% decided to not pay and deal with the consequences. Since then each year the percentage of victims paying has gone down and the victims that did not pay has gone up by 19=20%.

Ransomware attacks can have severe consequences on organizations ranging from files stolen, loss of revenue, and a tarnished reputation due to the severity of the attack. Many popular groups like LockBit, Hive, Cuba, Royal, Ragar, and BlackCat emerged through 2022 as the new ransomware-as-a-service groups. All the main groups I mentioned above make up 75% of all ransomware strains distributed to victims.

This past year has taken a turn for the better, 2022 was the first year that more ransomware victims did not pay. The approach changing stems from victims realizing that paying the ransom does not guarantee their files will be given back or not deleted. Another reason is that the perception of ransomware attacks has matured, and companies know what kind of news it brings if they were to pay to cause their reputation to be tarnished. Lastly, organizations may be implementing…

Source…