SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Ransomware attacks surge 81% in October, new threat actors emerge
Thu, 30th Nov 2023

Data coming from the NCC Group's Threat Intelligence team reveals that ransomware attacks have surged by 81% in October 2023, compared to the same period in the previous year. This rise in October attacks has led to ransomware gangs claiming over half more victims in 2023 than during the whole of 2022.

Most notable among threat actors in October 2023 was Lockbit 3.0, responsible for 19% of total attacks. New players entering the scene included Akira, Medusa, and INC Ransom. The sale of key player, RansomedVC, did contribute to a drop in total attacks compared to September 2023.

Shifting trends were revealed in the targeted sectors. Healthcare was among the top three most targeted sectors in October, thus demoting the Technology sector to fourth place. Last month experienced a serious increase in the number of attacks aimed at the Healthcare sector.

Despite being down by 34% from September's record-breaking high, ransomware activity in October 2023 nonetheless recorded a year-on-year increase of 81%. According to NCC Group's October Threat Pulse data, ransomware gangs have already victimised over 50% more individuals and enterprises in 2023 than during the entirety of 2022.

The distribution of attacks across regions mostly aligns with trends from previous months. North America remained the most targeted region with 52% of all attacks. Europe followed in second place with 29% of total attacks, while Asia rounded out the top three with 10%.

Further changes were observed in the threat actor landscape. Notably, newcomer LostTrust, which was responsible for 10% of all ransomware attacks in September 2023, claimed no victims in October. In addition, law enforcement takedowns of Trigona and RagnarLocker have removed these actors from the stage. Interestingly, a sharp decline in undisclosed attacks was also recorded with a drop of 84% from 19 attacks in September to just three in October.

An alarming trend was observed in threat actors increasingly using antidetection tools to analysis, replicate, and exploit digital behaviour while evading detection. One notorious player in this covert game, known as 'antik,' enables the creation of unique browser user profiles while sidestepping the vigilance of anti-fraud systems.

Commenting on these findings, Matt Hull, Global Head of Threat Intelligence at NCC Group, said: "The decrease in attacks from September shouldn't give us a false sense of security. We often see a reduction in attacks after a record month, such as was experienced in September. The dramatic increase of attacks from the same time last year is significant and even with 2 months left of 2023, ransomware gangs have already claimed over 50% more victims than last year."

Hull added that malicious groups are cashing in on the current turbulent economic and geopolitical climate by harnessing tools like anti-detection software to exploit end users and compromise data and connection points. As always, he underscored, this highlights the need for organisations to continue taking robust cybersecurity measures to counteract these insidious practices.