Read more: Boosty | TG
Abstract – The analysis of the ransomware trends for the 4th quarter
of 2023 aims to understand the multifaceted threat landscape
associated with ransomware.
Delving into the specifics, we intend to reveal the nuances of
ransomware operations, including the identification of the dominant
groups of ransomware, their target sectors and the geographical
distribution of attacks.
Furthermore, the analysis will highlight significant trends, such as
the surge in ransomware incidents, the evolution of extortion tactics,
and the implications of these developments on cybersecurity
strategies.
This knowledge will be useful for both technical and strategic
security professionals, offering information that can guide the
development of reliable protection mechanisms, inform risk
management decisions and, ultimately, increase the resilience of
organizations to the ever-present threat of ransomware.
The significance of this analysis extends beyond mere academic
interest; it equips security practitioners with actionable intelligence,
enabling them to anticipate and counteract the sophisticated
strategies employed by ransomware operators.
I. INTRODUCTION
In Q4 2023, the most common types of ransomware attacks
were primarily carried out by three groups: LockBit 3.0, Clop
Ransomware, and ALPHV/BlackCat ransomware.
LockBit 3.0 remained the most active ransomware group,
claiming an average of around 23 victims per week. Other
prominent groups included Clop Ransomware and
ALPHV/BlackCat ransomware. Notable incidents included
LockBit's attack on Royal Mail and the shutdown of Hive
Ransomware.
The Quarterly Threat Report by Air IT highlighted that
ransomware attacks, phishing, and insider threats continued to
pose significant risks, with a surge in data volume and global
connectivity widening vulnerabilities. The report from ISACA's
State of Cyber Security for 2023 indicated that 48% of
organizations experienced a rise in cyber attacks in Q4 2023.
TechTarget's report on ransomware trends heading into 2024
suggested that supply chain attacks and the exploitation of cloud
and VPN infrastructure would continue to be key trends. The
report also mentioned that since 2020, more than 130 different
ransomware strains have been detected, with the GandCrab
family being the most prevalent.
The environmental services industry faced an unprecedented
surge in DDoS attacks, with a 61,839% increase in attack traffic
year-over-year, as reported by Cloudflare. This surge was
associated with the COP 28 event and highlighted the growing
intersection between environmental issues and cyber threats.
Trend Micro's report on ransomware in the first half of 2023
showed that LockBit, BlackCat, and Clop were the top RaaS
groups, with a significant increase in the number of victim
organizations compared to the last half of 2022.
Check Point Research described 2023 as the year of mega
ransomware attacks, with a shift in tactics from encryption to
leveraging stolen data for extortion. The education/research
sector was the most impacted by ransomware attacks in 2023.
II. AFFECTED INDUSTRIES
In Q4 2023, the industries most affected by ransomware
attacks were the business services sector, education/research
sector, and the retail/wholesale sector.
The business services sector was the most targeted sector.
The United States, being the most targeted country, likely
contributed to the high number of attacks on this sector.
The education/research sector was also heavily impacted by
ransomware attacks, accounting for 22% of all attacks in 2023,
according to Check Point Research.
The retail/wholesale sector experienced a significant 22%
spike in weekly attacks compared to 2022, as reported by Check
Point Research.
Other industries that were notably affected include the IT,
healthcare, and manufacturing sectors, which were the most
targeted sectors in terms of ransomware file detections in the
first half of 2023, according to Trend Micro. The report from
TechTarget also listed several industries as top targets, including
construction and property, central and federal government,
media, entertainment and leisure, local and state government,
energy and utilities infrastructure, distribution and transport,
financial services, and business, professional and legal services.
III. TAKEAWAYS FROM RANSOMWARE Q4
• Record Number of Victims: The year 2023 marked the
most successful year for ransomware groups in history,
with a total of 4,368 victims, which is a 55.5% increase
from the previous year. The fourth quarter alone saw
1,386 victims
• Dominant Ransomware Groups: LockBit 3.0
remained the most active ransomware group, claiming
an average of around 23 victims per week. Clop
Ransomware and ALPHV/BlackCat ransomware were
also prominent, with 104 and 81 victims respectively
• High-Profile Incidents: Notable incidents included
LockBit's attack on Royal Mail and the shutdown of
Hive Ransomware
• Industry Impact: The business services sector,
education/research sector, and the retail/wholesale
sector were among the most affected by ransomware
• Geographical Focus: The United States was the most
targeted country, followed by the UK and Canada
• Trends in Attack Techniques: There was a shift in
tactics from encryption to leveraging stolen data for
extortion, with attackers focusing more on data theft and
extortion campaigns that did not necessarily involve
data encryption
• Ransomware Strains: Since 2020, more than 130
different ransomware strains have been detected, with
the GandCrab family being the most prevalent
• Increased Response from Governments and
Vendors: There has been an increased response from
government and technology vendors to help stem the
tide of ransomware attacks
• Ransomware as a Service (RaaS): RaaS remains a key
driver for the ongoing frequency of attacks, with groups
like LockBit operating under this model
• Extortion Tactics: Double and triple extortion attacks
have become more prevalent and potentially more
impactful and costly for affected companies
• Supply Chain Attacks: Supply chain attacks have
become an established part of the ransomware threat
landscape, extending the impact of attacks beyond
single victims
IV. RANSOMWARE PAYMENTS
In Q4 2023, the most common payment methods used in
ransomware attacks continued to be cryptocurrencies, with
Bitcoin being the most prevalent. Bitcoin accounted for
approximately 98% of ransomware payments due to its
perceived anonymity and ease of use. However, there were early
indications that more privacy-focused digital currencies, such as
Monero, were growing in popularity as the payment method of
choice for cybercriminals. This shift was due to the increasing
ease of detecting the flow and sources of Bitcoin.
Despite the prevalence of ransom payments, the proportion
of victims who paid ransoms was decreasing. Only 37% of
ransomware victims paid a ransom in Q4 2023, a record low.
This decrease was attributed to improved security measures and
backup continuity investments, which allowed more
organizations to recover from attacks without paying ransoms.
Ransom payments in Q4 2023 were high: the average payment was
$408,643, a 58% increase from Q3 2022, and the median payment
was $185,972, a 342% increase from Q3 2022. This increase in
payment amounts was
seen as a tactic by cybercriminals to compensate for the
declining number of victims willing to pay ransoms.
V. RANSOMWARE ENTRY POINTS
In Q4 2023, the common entry points for ransomware were:
• Phishing Attacks: Phishing attacks were the primary
delivery method for ransomware, with 62% of
successful ransomware attacks using phishing as their
entry point in the victim's system. Phishing attacks rose
by 173% in Q3 2023. Attackers used increasingly
sophisticated social engineering techniques to trick
employees into providing sensitive information
• Exploitation of Vulnerabilities: Vulnerabilities in
software and systems were another common entry point.
For instance, the ransomware group CL0P exploited
GoAnywhere file transfer software. Two new
ransomware strains, CACTUS and 3AM, emerged in Q4
2023, with CACTUS exploiting known vulnerabilities
in VPN appliances
• Credential Theft and Brute Force Attacks: Credential
theft was used in 44% of successful ransomware attacks,
and brute-forcing of credentials, such as password
guessing, was used in 17% of attacks
• Supply Chain Attacks: Attackers targeted third-party
vendors to gain access to an organization’s network
• Insider Threats: Insider threats continued to pose
significant risks to organizations
• Social Engineering Attacks: These attacks, including
Business Email Compromise (BEC), were also common
VI. RANSOMWARE ENCRYPTION METHODS
The encryption methods used in these attacks have evolved
over time, with attackers adopting a mix of symmetric and
asymmetric encryption techniques to increase the effectiveness
of their attacks. In this approach, the ransomware generates two
sets of keys, and a chain of encryption is used to increase the
attack effectiveness.
In addition to these encryption methods, there has been a
notable shift in the execution strategies of ransomware attacks.
Increasingly, cybercriminals are focusing more on data theft,
followed by extortion campaigns that do not necessarily involve
data encryption.
VII. RANSOMWARE DELIVERY METHODS
In Q4 2023, the most common delivery methods used in
ransomware attacks were supply chain attacks, double extortion
techniques, and Ransomware-as-a-Service (RaaS) operations.
Supply chain attacks became an established technique for mature
and experienced ransomware groups. In these attacks, instead of
directly attacking a single victim, the attackers target third-party
vendors to gain access to an organization's network.
Double extortion was another prevalent method. In this
technique, attackers not only encrypt the victim's data but also
threaten to leak stolen data if the ransom is not paid.
Ransomware-as-a-Service (RaaS) operations also played a
significant role. In RaaS, developers create ransomware
software and sell access to this tool to criminals who then spread
it among potential targets. The access is subscription-based,
which is why it is called RaaS.
Phishing with malicious attachments and exploiting
vulnerabilities, such as zero-day vulnerabilities, were also used
as initial access methods to the target system.
VIII. VULNERABILITIES EXPLOITED BY RANSOMWARE
In Q4 2023, ransomware attackers continued to exploit a
range of vulnerabilities to compromise organizations. One of the
most notable vulnerabilities exploited was a two-year-old
vulnerability for which a patch had been available for around the
same time. This highlights the importance of timely patch
management and version control within organizations.
Additionally, attackers used a flaw in MagicLine4NX
software, affecting versions before 1.0.026, to initiate their
attacks. The MOVEit vulnerability was also significant,
accounting for a notable percentage of victims in previous
quarters, and it is likely that such vulnerabilities continued to be
a target for ransomware groups.
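An added example (not part of the original report): a small inventory check for the MagicLine4NX boundary stated above, flagging hosts that still run a version before 1.0.026. It assumes a CSV export with host, product and version columns and that dotted version components compare numerically (so 026 means 26); the hostnames and rows are constructed.

```python
import csv
import io

# Boundary taken from the report text: versions before 1.0.026 are affected.
PRODUCT = "magicline4nx"
FIXED_VERSION = "1.0.026"

# Constructed sample inventory export (hostnames and versions are made up).
SAMPLE_INVENTORY = """host,product,version
ws-001,MagicLine4NX,1.0.025
ws-002,MagicLine4NX,1.0.026
ws-003,magicline4nx,1.0.9
ws-004,MagicLine4NX,1.1.0
ws-005,MagicLine4NX,unknown
ws-006,OtherAgent,0.9.1
"""


def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if malformed."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def is_affected(version):
    """True if version < FIXED_VERSION, False if not, None if unparsable."""
    found = parse_version(version)
    if found is None:
        return None
    fixed = parse_version(FIXED_VERSION)
    # Pad the shorter tuple with zeros so 1.0 compares as 1.0.0.
    width = max(len(found), len(fixed))
    found += (0,) * (width - len(found))
    fixed += (0,) * (width - len(fixed))
    return found < fixed


def audit(inventory_csv):
    """Split hosts into 'affected' (patch now) and 'review' (version unknown)."""
    result = {"affected": [], "review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().lower() != PRODUCT:
            continue
        verdict = is_affected(row["version"])
        if verdict is None:
            # An unreadable version is not evidence of being patched.
            result["review"].append(row["host"])
        elif verdict:
            result["affected"].append(row["host"])
    return result


if __name__ == "__main__":
    report = audit(SAMPLE_INVENTORY)
    print("patch required:", report["affected"])
    print("manual review:", report["review"])
```

Comparing the version strings directly would rank 1.0.9 above 1.0.026 and miss ws-003, which is why the check compares numeric components.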
The year 2023 also saw a surge in the use of zero-day
exploits in ransomware attacks, that is, exploits for vulnerabilities
that are unknown to the software vendor or have no patch
available at the time of the attack. This trend of exploiting zero-day
vulnerabilities underscores the adaptability of cyber threat actors
and the need for organizations to enhance their defenses against
such evolving threats.
IX. EFFECTIVE WAYS TO PREVENT RANSOMWARE ATTACKS
In Q4 2023, the most effective ways to prevent ransomware
attacks were multifaceted, involving a combination of technical
measures, user education, and proactive strategies:
• Robust Data Backup: Regularly backing up data is a
crucial step in mitigating the impact of a ransomware
attack. A secure, robust data backup solution can ensure
that even if data is encrypted by ransomware, the
organization can restore its systems without having to
pay the ransom
• Cyber Awareness Training: Training employees to
recognize and avoid potential ransomware threats, such
as phishing emails and malicious attachments, can
significantly reduce the risk of successful attacks
• Patch Management: Regularly updating and patching
software can eliminate known vulnerabilities that
ransomware might exploit
• Advanced Threat Prevention: Automated threat
detection and prevention systems can identify and
resolve most ransomware attacks before they cause
significant damage
• Endpoint Security: Robust endpoint security solutions,
including antivirus and anti-malware software, can
detect and block ransomware threats
• Network Segmentation: Dividing the network into
separate segments can prevent ransomware from
spreading across the entire system
• Zero Trust Security Model: Implementing a zero-trust
model, where access to resources is granted only after a
user has successfully verified their identity, can reduce
the attack surface against ransomware
• Multi-factor Authentication (MFA): Implementing
MFA can add an additional layer of security, making it
more difficult for attackers to gain access to systems
• Least Privilege Access: Ensuring that users have the
minimum levels of access necessary to perform their
tasks can limit the potential damage of a ransomware
attack
• Application Whitelisting: Allowing only approved
applications to run on a system can prevent ransomware
from executing

UiPath Community Day Kraków: Devs4Devs Conference
 
this resume for sadika shaikh bca student
this resume for sadika shaikh bca studentthis resume for sadika shaikh bca student
this resume for sadika shaikh bca student
 
Multimodal Retrieval Augmented Generation (RAG) with Milvus
Multimodal Retrieval Augmented Generation (RAG) with MilvusMultimodal Retrieval Augmented Generation (RAG) with Milvus
Multimodal Retrieval Augmented Generation (RAG) with Milvus
 
DealBook of Ukraine: 2024 edition
DealBook of Ukraine: 2024 editionDealBook of Ukraine: 2024 edition
DealBook of Ukraine: 2024 edition
 
20240702 QFM021 Machine Intelligence Reading List June 2024
20240702 QFM021 Machine Intelligence Reading List June 202420240702 QFM021 Machine Intelligence Reading List June 2024
20240702 QFM021 Machine Intelligence Reading List June 2024
 
Chapter 1 - Fundamentals of Testing V4.0
Chapter 1 - Fundamentals of Testing V4.0Chapter 1 - Fundamentals of Testing V4.0
Chapter 1 - Fundamentals of Testing V4.0
 
Chapter 4 - Test Analysis & Design Techniques V4.0
Chapter 4 - Test Analysis & Design Techniques V4.0Chapter 4 - Test Analysis & Design Techniques V4.0
Chapter 4 - Test Analysis & Design Techniques V4.0
 
GDG Cloud Southlake #34: Neatsun Ziv: Automating Appsec
GDG Cloud Southlake #34: Neatsun Ziv: Automating AppsecGDG Cloud Southlake #34: Neatsun Ziv: Automating Appsec
GDG Cloud Southlake #34: Neatsun Ziv: Automating Appsec
 
Chapter 3 - Static Testing (Review) V4.0
Chapter 3 - Static Testing (Review) V4.0Chapter 3 - Static Testing (Review) V4.0
Chapter 3 - Static Testing (Review) V4.0
 
Leveraging AI for Software Developer Productivity.pptx
Leveraging AI for Software Developer Productivity.pptxLeveraging AI for Software Developer Productivity.pptx
Leveraging AI for Software Developer Productivity.pptx
 
“Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” a Pres...
“Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” a Pres...“Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” a Pres...
“Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” a Pres...
 
Dev Dives: Mining your data with AI-powered Continuous Discovery
Dev Dives: Mining your data with AI-powered Continuous DiscoveryDev Dives: Mining your data with AI-powered Continuous Discovery
Dev Dives: Mining your data with AI-powered Continuous Discovery
 
HTTP Adaptive Streaming – Quo Vadis (2024)
HTTP Adaptive Streaming – Quo Vadis (2024)HTTP Adaptive Streaming – Quo Vadis (2024)
HTTP Adaptive Streaming – Quo Vadis (2024)
 
Data Protection in a Connected World: Sovereignty and Cyber Security
Data Protection in a Connected World: Sovereignty and Cyber SecurityData Protection in a Connected World: Sovereignty and Cyber Security
Data Protection in a Connected World: Sovereignty and Cyber Security
 
Pigging Solutions Sustainability brochure.pdf
Pigging Solutions Sustainability brochure.pdfPigging Solutions Sustainability brochure.pdf
Pigging Solutions Sustainability brochure.pdf
 
Chapter 5 - Managing Test Activities V4.0
Chapter 5 - Managing Test Activities V4.0Chapter 5 - Managing Test Activities V4.0
Chapter 5 - Managing Test Activities V4.0
 
Transcript: Details of description part II: Describing images in practice - T...
Transcript: Details of description part II: Describing images in practice - T...Transcript: Details of description part II: Describing images in practice - T...
Transcript: Details of description part II: Describing images in practice - T...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
AI_dev Europe 2024 - From OpenAI to Opensource AI
AI_dev Europe 2024 - From OpenAI to Opensource AIAI_dev Europe 2024 - From OpenAI to Opensource AI
AI_dev Europe 2024 - From OpenAI to Opensource AI
 

Ransomware_Q4_2023. The report. [EN].pdf

TechTarget's report on ransomware trends heading into 2024 suggested that supply chain attacks and the exploitation of cloud and VPN infrastructure would continue to be key trends. The report also mentioned that since 2020, more than 130 different ransomware strains have been detected, with the GandCrab family being the most prevalent.

The environmental services industry faced an unprecedented surge in DDoS attacks, with a 61,839% increase in attack traffic year-over-year, as reported by Cloudflare. This surge was associated with the COP 28 event and highlighted the growing intersection between environmental issues and cyber threats.

Trend Micro's report on ransomware in the first half of 2023 showed that LockBit, BlackCat, and Clop were the top RaaS groups, with a significant increase in the number of victim organizations compared to the last half of 2022.

Check Point Research described 2023 as the year of mega ransomware attacks, with a shift in tactics from encryption to leveraging stolen data for extortion. The education/research sector was the most impacted by ransomware attacks in 2023.

II. AFFECTED INDUSTRIES

In Q4 2023, the industries most affected by ransomware attacks were the business services sector, education/research sector, and the retail/wholesale sector.

The business services sector was the most targeted sector. The United States, being the most targeted country, likely contributed to the high number of attacks on this sector.

The education/research sector was also heavily impacted by ransomware attacks, accounting for 22% of all attacks in 2023, according to Check Point Research.

The retail/wholesale sector experienced a significant 22% spike in attacks weekly compared to 2022, as reported by Check Point Research.

Other industries that were notably affected include the IT, healthcare, and manufacturing sectors, which were the most targeted sectors in terms of ransomware file detections in the first half of 2023, according to Trend Micro.

The report from TechTarget also listed several industries as top targets, including construction and property, central and federal government, media, entertainment and leisure, local and state government, energy and utilities infrastructure, distribution and transport, financial services, and business, professional and legal services.

III. TAKEAWAYS FROM RANSOMWARE Q4

• Record Number of Victims: The year 2023 marked the most successful year for ransomware groups in history, with a total of 4,368 victims, which is a 55.5% increase from the previous year. The fourth quarter alone saw 1,386 victims
• Dominant Ransomware Groups: LockBit 3.0 remained the most active ransomware group, claiming an average of around 23 victims per week. Clop Ransomware and ALPHV/BlackCat ransomware were also prominent, with 104 and 81 victims respectively
• High-Profile Incidents: Notable incidents included LockBit's attack on Royal Mail and the shutdown of Hive Ransomware
• Industry Impact: The business services sector, education/research sector, and the retail/wholesale sector were among the most affected by ransomware
• Geographical Focus: The United States was the most targeted country, followed by the UK and Canada
• Trends in Attack Techniques: There was a shift in tactics from encryption to leveraging stolen data for extortion, with attackers focusing more on data theft and extortion campaigns that did not necessarily involve data encryption
• Ransomware Strains: Since 2020, more than 130 different ransomware strains have been detected, with the GandCrab family being the most prevalent
• Increased Response from Governments and Vendors: There has been an increased response from government and technology vendors to help stem the tide of ransomware attacks
• Ransomware as a Service (RaaS): RaaS remains a key driver for the ongoing frequency of attacks, with groups like LockBit operating under this model
• Extortion Tactics: Double and triple extortion attacks have become more prevalent and potentially more impactful and costly for affected companies
• Supply Chain Attacks: Supply chain attacks have become an established part of the ransomware threat landscape, extending the impact of attacks beyond single victims

IV. RANSOMWARE PAYMENTS

In Q4 2023, the most common payment methods used in ransomware attacks continued to be cryptocurrencies, with Bitcoin being the most prevalent. Bitcoin accounted for approximately 98% of ransomware payments due to its perceived anonymity and ease of use.

However, there were early indications that more privacy-focused digital currencies, such as Monero, were growing in popularity as the payment method of choice for cybercriminals. This shift was due to the increasing ease of detecting the flow and sources of Bitcoin.

Despite the prevalence of ransom payments, the proportion of victims who paid ransoms was decreasing. Only 37% of ransomware victims paid a ransom in Q4 2023, a record low. This decrease was attributed to improved security measures and backup continuity investments, which allowed more organizations to recover from attacks without paying ransoms.

The average ransom payment in Q4 2023 was significantly high, with the average payment being $408,643, a 58% increase from Q3 2022, and the median payment being $185,972, a 342% increase from Q3 2022. This increase in payment amounts was seen as a tactic by cybercriminals to compensate for the declining number of victims willing to pay ransoms.

V. RANSOMWARE ENTRY POINTS

In Q4 2023, the common entry points for ransomware were:

• Phishing Attacks: Phishing attacks were the primary delivery method for ransomware, with 62% of successful ransomware attacks using phishing as their entry point in the victim's system. Phishing attacks rose by 173% in Q3 2023. Attackers used increasingly sophisticated social engineering techniques to trick employees into providing sensitive information
• Exploitation of Vulnerabilities: Vulnerabilities in software and systems were another common entry point. For instance, the ransomware group CL0P exploited GoAnywhere file transfer software. Two new ransomware strains, CACTUS and 3AM, emerged in Q4 2023, with CACTUS exploiting known vulnerabilities in VPN appliances
• Credential Theft and Brute Force Attacks: Credential theft was used in 44% of successful ransomware attacks, and brute force credentials, such as password guessing, were used in 17% of attacks
• Supply Chain Attacks: Attackers targeted third-party vendors to gain access to an organization's network
• Insider Threats: Insider threats continued to pose significant risks to organizations
• Social Engineering Attacks: These attacks, including Business Email Compromise (BEC), were also common

VI. RANSOMWARE ENCRYPTION METHODS

The encryption methods used in these attacks have evolved over time, with attackers adopting a mix of symmetric and asymmetric encryption techniques to increase the effectiveness of their attacks. In this approach, the ransomware generates two sets of keys, and a chain of encryption is used to increase the attack effectiveness.

In addition to these encryption methods, there has been a notable shift in the execution strategies of ransomware attacks. Increasingly, cybercriminals are focusing more on data theft, followed by extortion campaigns that do not necessarily involve data encryption.

VII. RANSOMWARE DELIVERY METHODS

In Q4 2023, the most common delivery methods used in ransomware attacks were supply chain attacks, double extortion techniques, and Ransomware-as-a-Service (RaaS) operations.

Supply chain attacks became a solid technique for mature and experienced ransomware groups. In these attacks, instead of directly attacking a single victim, the attackers target third-party vendors to gain access to an organization's network.

Double extortion was another prevalent method. In this technique, attackers not only encrypt the victim's data but also threaten to leak stolen data if the ransom is not paid.

Ransomware-as-a-Service (RaaS) operations also played a significant role. In RaaS, developers create ransomware software and sell access to this tool to criminals who then spread it among potential targets. The access is subscription-based, which is why it is called RaaS.

Phishing with malicious attachments and exploiting vulnerabilities, such as zero-day vulnerabilities, were also used as initial access methods to the target system.

VIII. VULNERABILITIES EXPLOITED BY RANSOMWARE

In Q4 2023, ransomware attackers continued to exploit a range of vulnerabilities to compromise organizations. One of the most notable vulnerabilities exploited was a two-year-old vulnerability for which a patch had been available for around the same time. This highlights the importance of timely patch management and version control within organizations.

Additionally, attackers used a flaw in MagicLine4NX software, affecting versions before 1.0.026, to initiate their attacks. The MOVEit vulnerability was also significant, accounting for a notable percentage of victims in previous quarters, and it is likely that such vulnerabilities continued to be a target for ransomware groups.

The year 2023 also saw a surge in the use of zero-day exploits in ransomware attacks, which are vulnerabilities that are unknown to the software vendor or have no patch available at the time of the attack. This trend of exploiting zero-day vulnerabilities underscores the adaptability of cyber threat actors and the need for organizations to enhance their defenses against such evolving threats.

IX. EFFECTIVE WAYS TO PREVENT RANSOMWARE ATTACKS

In Q4 2023, the most effective ways to prevent ransomware attacks were multifaceted, involving a combination of technical measures, user education, and proactive strategies:

• Robust Data Backup: Regularly backing up data is a crucial step in mitigating the impact of a ransomware attack. A secure, robust data backup solution can ensure that even if data is encrypted by ransomware, the organization can restore its systems without having to pay the ransom
• Cyber Awareness Training: Training employees to recognize and avoid potential ransomware threats, such as phishing emails and malicious attachments, can significantly reduce the risk of successful attacks
• Patch Management: Regularly updating and patching software can eliminate known vulnerabilities that ransomware might exploit
• Advanced Threat Prevention: Automated threat detection and prevention systems can identify and resolve most ransomware attacks before they cause significant damage
• Endpoint Security: Robust endpoint security solutions, including antivirus and anti-malware software, can detect and block ransomware threats
• Network Segmentation: Dividing the network into separate segments can prevent ransomware from spreading across the entire system
• Zero Trust Security Model: Implementing a zero-trust model, where access to resources is granted only after a user has successfully verified their identity, can reduce the attack surface against ransomware
• Multi-factor Authentication (MFA): Implementing MFA can add an additional layer of security, making it more difficult for attackers to gain access to systems
• Least Privilege Access: Ensuring that users have the minimum levels of access necessary to perform their tasks can limit the potential damage of a ransomware attack
• Application Whitelisting: Allowing only approved applications to run on a system can prevent ransomware from executing