Alarming Security Report Warns Of An Unprecedented Surge In Ransomware Attacks
Over the course of 2023, we saw a number of high-profile ransomware attacks, such as those that took place in Las Vegas, beginning with the ALPHV compromise of the MGM chain of casinos. However, while these were impressively large breaches, realistically, these were just the attacks that got the most coverage. Researchers at Check Point note in a report on 2023 cybersecurity trends that ransomware group Cl0p managed to compromise roughly 2600 organizations using vulnerabilities found in the GoAnywhere and MOVEit file-transfer software packages. The organizations hit in the MOVEit compromise have been estimated to yield as much money as the MGM breach, but with less media coverage.
Regardless of the coverage, Cl0p's activity is indicative of another trend in cybersecurity: the use of zero-day vulnerabilities. Zero-day vulnerabilities may have limited shelf lives, since heavier exploitation leads to them being patched, but they can also yield quicker results in the period before they are broadly patched. Threat actors also have to weigh the economic value of these sorts of attacks against the investment required to develop the zero-day exploits.
In any event, despite the interesting trends in cybersecurity, which Check Point delves into further in the report, the pressure is most certainly on threat actors. Yesterday, a years-long collaboration between the United States and the United Kingdom was finally revealed, leading to a colossal blow to LockBit ransomware operations. vx-underground reported that, in the coming days, law enforcement will be revealing information about LockBit’s tools, techniques, and procedures, as well as releasing decryptor tools to help the victims of the group. Further, arrests have been made around the world, and there are likely many more to come.
With this in mind, the ransomware industry, while lucrative, carries significant risk, with an ever-tightening noose as government agencies look to stop the activity. While we had expected 2023 to be the year when ransomware came under our control, it continued to spread much like a wildfire, but we may just see it happen in 2024 instead.