Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.
Cybercrime is running rampant. Yet, while the latest exploits of the Lapsus$ group have gotten a lot of attention, particularly in the aftermath of the Uber and GTA VI breaches, LockBit 3.0 has largely slid under the radar, despite gathering dozens of victims.
In fact, according to research released today by NCC Group’s Global Threat Intelligence Team, Lockbit 3.0 accounted for 40% of all ransomware incidents in August, making it the most threatening ransomware threat that month, involved in a total of 64 incidents.
This surge in ransomware comes shortly after the group rebranded from LockBit 2.0 in June earlier this year. It also comes after the gang made the decision to adopt triple extortion techniques to extract the maximum payout from target organizations.
Above all, these findings indicate that ransomware threats are here to stay, at least for now, meaning that enterprises need to be prepared to prevent intrusions if they want to avoid being put in the lose-lose situation of paying a ransom or losing high value data.
Event
MetaBeat 2022
MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.
Register Here
Ransomware: A virtual blight that won’t go away
It’s no secret that ransomware remains one of the most serious and persistent cyber threats facing modern enterprises.
Earlier this year, Verizon research found that year-over-year ransomware attacks increased by 13 percent, and highlighted that 82% of breaches involved the human element.
Unfortunately, other analysts aren’t optimistic that ransomware threats will decrease anytime soon. Just last month, Acronis released a report estimating that global ransomware damages will exceed $30 billion by 2023.
NCC Group’s findings seem to echo this bleak assessment, despite a small decrease in the number of attacks.
“While there is a slight reduction in the volume of attacks in August, there have been some considerable changes among threat groups in particular,” said Global Head of Threat Intelligence at NCC Group, Matt Hull.
“LockBit 3.0 appears to be re-establishing its operations since rebranding in June, while Conti-affiliated BlackBasta looks to be establishing itself within the ransomware landscape following Conti’s operations rebranding,” Hull said.
Hull also noted that new threat actor IceFire has burst on the scene with a spate of attacks in the latter half of August, targeting web hosting services in an attempt to gather the largest amount of data possible.
The way forward: Security awareness
In order to address ransomware threats, organizations need to start concentrating on mitigating human risk, and teaching employees how to better manage their credentials.
Nowhere is the need for this more clearly illustrated than the fact that 25% of the S&P 500, and half of the top 20 most valuable public U.S. companies, have had at least one credential for sale on the dark web.
With regular security awareness training, enterprises can teach employees security best practices, like how to select strong passwords, the importance of not clicking on links or attachments in phishing emails and turning on multi-factor authentication can go a long way toward decreasing ransomware breaches.
This training can then be supplemented with vulnerability and attack surface management solutions, which can help to identify and mitigate exploits in the environment. After all, the less entry points there are, the better.