In a recent report by NCC Group's October Threat Pulse, it was revealed that ransomware attacks, while experiencing a 34% decrease in October compared to a record-breaking September, have seen an alarming 81% year-on-year increase from October 2022. With just two months left in 2023, this surge has already resulted in more victims falling prey to ransomware gangs than in the entire previous year.
The report delves into the changing landscape of ransomware threats, highlighting key trends and shifts in the world of cybercrime.
Top Threat Actors: New Players Emerge
While the top threat actors remained mostly consistent in October, there were notable changes, with Lockbit 3.0 leading the pack with 19% of total attacks. Newcomers like Akira, Medusa, and INC Ransom joined the list, while Play and NoEscape surged in rankings from seventh and eighth place to second and third, respectively. Interestingly, there was an 84% decline in undisclosed attacks, falling from nineteen attacks in September to just three in October. This could be attributed to the 33% decrease in attacks by the ransomware group BianLian this month or possibly increased cooperation from BianLian's victims.
A Changing Playing Field for Threat Actors
October marked a shift in the ransomware threat landscape as newcomer LostTrust, which was responsible for 10% of all ransomware attacks in September, claimed no victims at all. Additionally, law enforcement takedowns of Trigona and RagnarLocker contributed to a decrease in total case numbers. The sale of the previous key player, RansomedVC, also played a role in the drop.
Prime Targets on the Western Front
As in previous months, North America remained the most targeted region in October, accounting for 52% of all attacks. Europe followed closely behind with 29% of attacks, while Asia was the third most targeted region with 10% of attacks. Notably, there was a 100% increase in ransomware attacks on Africa in September, climbing from 2 to 4.
Healthcare Joins the Top Three Most Targeted Sectors
Industrials remained the most targeted sector in October, despite a decrease in the number of attacks from 170 in September to 114. The abundance of personally identifiable information (PPI) and intellectual property (IP) in the sector makes it an attractive target for cybercriminals. Consumer cyclicals held their position as the second most targeted sector. However, healthcare saw a significant uptick in attacks, making it the third most targeted sector following a 50% decrease in attacks on the technology sector.
Spotlight – Threat Actors Using Antidetection Tools
The report also shed light on the growing use of antidetection tools by threat actors. Antidetection browsers, commonly known as 'antik,' enable the creation of multiple unique browser user profiles across multiple tabs, evading detection by anti-fraud systems. These tools manipulate browser connections, concealing the primary system's fingerprint and assuming the identity of another device and profile. This allows threat actors to fly under the radar of websites that scrutinize visitor data for user profiling, data protection, and fraud prevention.
Antidetection tools create identifiable data such as device specifications, processor type, RAM details, screen settings, and hardware configurations. The widespread availability of these tools, both legitimate and malicious, empowers threat actors, leading to a systemic issue of data compromise and increasing the potential for larger cyber threats.
Matt Hull, Global Head of Threat Intelligence at NCC Group, warns against complacency, stating, "The decrease in attacks from September shouldn't give us a false sense of security. The dramatic increase of attacks from the same time last year is significant, and even with two months left of 2023, ransomware gangs have already claimed over 50% more victims than last year."
Hull emphasizes the need for organizations to bolster their cybersecurity measures, especially in light of the rise in tools like Antik, which provide malicious actors with new opportunities while making it harder for defenders to detect and prevent attacks.
"In the current turbulent climate, both economically and geopolitically, threat actors are looking for new ways to make money," Hull adds. "Malicious groups are making use of an ever-increasing abundance of tools, such as anti-detection software like Antik. These tools, while also being used for legitimate means, provide opportunities for malicious actors and make it harder for defenders to track down, prevent, and detect attacks. As always, this highlights the need for organizations to continue taking robust cybersecurity measures to counteract these insidious practices."