Ransomware attacks rise 20% in July, industrial sectors hit hardest
The latest report from NCC Group reveals a notable 20% increase in ransomware attacks during July compared to the previous month.
The number of incidents surged from 331 in June to 395 in July. This substantial rise in attacks has primarily targeted industrial sectors, with 125 incidents recorded, pointing to a heightened threat to critical national infrastructure (CNI).
Ian Usher, Deputy Head of Threat Intelligence at NCC Group, highlighted the significance of these findings. "July 2024 has been a stark reminder that the cybersecurity landscape is as turbulent as ever, marked by a surge in ransomware attacks and the spread of misinformation. The Industrials, Consumer Cyclicals, and Technology sectors have borne the brunt of these attacks, with groups like RansomHub and LockBit 3.0 leading the charge," he stated.
RansomHub emerged as the most active ransomware group in July, accounting for 43 attacks, up from 27 in June and representing 11% of all incidents. Following RansomHub, LockBit 3.0 was responsible for 37 attacks, although this is a lower number compared to prior to the group's takedown. Other notable groups included Akira with 29 attacks, Hunters with 25, Play with 20, and Meow with 16 incidents.
Geographically, North America was the most affected region, experiencing 56% of the total global attacks, amounting to 220 incidents. Europe followed with 83 attacks, a slight decrease from the previous month. Oceania saw a significant rise in ransomware activity, with incidents doubling from 10 in June to 22 in July. South America and Africa also reported increases in ransomware incidents, rising to 18 and 10, respectively.
The report suggests that the spike in attacks can be partly attributed to the holiday period, during which businesses often operate with reduced staff. This reduction in workforce includes IT security and support departments, potentially creating vulnerabilities that cybercriminals are keen to exploit. The Consumer Cyclicals sector, particularly hotels and entertainment services, experienced 48 attacks, making it the second-most targeted sector in July. This trend coincides with the summer holiday season, indicating a strategic timing of attacks to maximise disruption and pressure organisations into paying ransoms.
The Healthcare sector also saw a considerable number of incidents, recording 44 attacks in July. In the UK, a mid-July warning from the NHS chief executive underscored the sector's vulnerability, following a series of ransomware incidents in June. This development emphasises the critical need for robust cybersecurity measures to protect healthcare services from such threats.
Additionally, the exploitation of a critical VMware ESXi vulnerability was identified as a significant driver of ransomware activity in July. This vulnerability allowed attackers to gain full administrative privileges, facilitating the theft of sensitive data and the encryption of virtual machines. The report stresses the importance of active patching to mitigate vulnerabilities and protect against ransomware attacks across various sectors.
Usher also noted the evolving techniques employed by cybercriminals. "The rise in sophisticated techniques, such as the use of information stealer malware in their pre-attack phase, highlights that cybercriminals are not standing still. As these threats evolve, so must our defences. It's crucial that we leverage the latest technologies and maintain robust, intelligence-driven security measures to stay ahead, or risk falling behind in this ever-escalating battle," he warned.
Beyond ransomware attacks, July also saw a rise in misinformation, particularly spread via social media. The report cited the role of AI tools like Elon Musk's AI Grok in disseminating false information surrounding events such as the US election. This increase in misinformation has also impacted the coverage and accuracy of global events, including the Summer Olympic Games in Paris, which purportedly had the largest digitally engaged audience.
Overall, the report from NCC Group highlights the persistent and evolving threat landscape faced by various sectors and regions, underscoring the need for continuous vigilance and advancements in cybersecurity measures.