A Ransomware Swarm, Is That a Thing Now?

It could well be, according to a recent report by Kroll, who have been tracking various attacks globally. Here’s the word:

Q1 of 2023 saw ransomware swarm. While well-known ransomware-as-a-service (RaaS) operations such as LOCKBIT continued to dominate the ransomware landscape, there was in fact a 56% increase in “one-off”, lesser-known, and independent threat actors targeting organizations with ransomware. The main target for these threat actors was the professional services sector, in particular, legal firms, with a 57% increase in the overall targeting of the professional services sector from the end of 2022.
Kroll’s Q1 Threat Landscape Report also found:
  • Ransomware accounted for 30% of Q1 cases and email compromise accounted for 26% of cases
  • This rise in unique variants included new variants such as CACTUS, DARKSKY and NOKOYAWA and others familiar, but not observed in several quarters, such as XORIST and RANSRECOVERY
  • Phishing continues to lead the pack when it comes to initial access across all cases.
  • An ongoing SEO poisoning campaign by the actors behind GOOTLOADER malware, targeting legal professionals searching for standard contracts and templates.
  • Several instances of clients downloading malicious OneNote attachments as part of an ongoing QAKBOT campaign dubbed “QAKNOTE.”
Email still seems to be a popular way to access systems. Laurie Iacono, Associate Managing Director for Cyber Risk at Kroll, added:
“The rising number of ‘one-off’ ransomware variants means that time-poor security teams need to defend against a swarm of smaller groups on top of the major RaaS players. This increase is likely in part due to several RaaS groups being dismantled in the last year and the ease of entry for smaller threat actors to conduct encryption.
“In our observation, phishing continues to be the main point of entry for hackers so making sure that employees are trained in cybersecurity best practices and having powerful endpoint protection in place is a key first step in helping to prevent attacks. Detecting exfiltration of data and responding quickly can make the difference between a superficial data loss and a catastrophic one. It also serves as one of the last detection opportunities before a large-scale threat like ransomware which may encrypt systems and render critical services unavailable.
“Network monitoring can be used to detect large amounts of data leaving the corporate network, but there are many ways threat actors can avoid detection from network monitoring tools. This means that businesses must carefully analyze behaviours within the network. Remaining vigilant with the right technology and trusted security partners is a vital defence against the swarm.”
About alastair walker 11377 Articles
20 years experience as a journalist and magazine editor. I'm your contact for press releases, events, news and commercial opportunities at Insurance-Edge.Net
