The latest data on the threat of cyber attacks serves as a reminder that robust cyber security and vigilance are more critical than ever. Paul Budde reports.

IN AN INCREASINGLY digital world, cyber threats are evolving at an alarming pace. Akamai Technologies, a prominent player in cybersecurity and content delivery services, has just released its latest State of the Internet (SOTI) report titled ‘Ransomware on the Move: Exploitation Techniques and the Active Pursuit of Zero-Days’.

This research delves deep into the world of ransomware attacks, shedding light on the evolving techniques employed by malicious actors and the shifting focus from phishing to vulnerability exploitation.

The changing face of ransomware attacks

One of the most concerning findings in the report is the dramatic shift in ransomware attack techniques. Ransomware groups, known for their relentless pursuit of financial gain through digital extortion, have increasingly turned their attention to the exploitation of vulnerabilities.

Government unveils latest weapon against cybercrime

Prime Minister Albanese has announced plans for a new department within Home Affairs as a strategy against the growing threat of cybercrime.

This transition has led to a staggering 143% surge in ransomware victims between the first quarter of 2022 and the same period in 2023. No longer content with traditional phishing methods, attackers are actively seeking and exploiting zero-day and one-day vulnerabilities to infiltrate their targets.

The dominance of LockBit and the rise of ransomware

Within this evolving landscape, the LockBit ransomware group emerges as a dominant force, accounting for a staggering 39% of total ransomware victims. This figure is more than quadruple the number of victims attributed to the second-highest-ranked ransomware group.

Intriguingly, the report uncovers the aggressive tactics of the so-called CL0P Ransomware Group, which has witnessed a remarkable nine-fold increase in victims year over year. This group is actively developing zero-day vulnerabilities, adding a new layer of sophistication to its attacks.

No safe haven for smaller organisations

One disconcerting revelation from the report is that smaller organisations, often assuming they are less attractive targets, remain at significant risk. More than 60% of analysed victims fall within the revenue bracket of up to US$50 million (AU$78.7 million). Strikingly, even organisations with reported revenues exceeding $500 million contribute 12% to the total victim count.

Furthermore, the report underscores the unsettling reality that victims of multiple ransomware groups are over six times more likely to experience subsequent attacks within just three months of the initial breach.

Cyber hygiene requires critical thinking and protection of privacy

As the world continues to go digital, there are more threats we need to take precautions against.

Impact across industries

The report shines a spotlight on the varying impact across industries, highlighting potential vulnerabilities within global supply chains. Manufacturing, for instance, stands out as the vertical with the highest number of victims, accounting for a staggering 20%.

LockBit, as one of the most pervasive ransomware strains, is responsible for 41% of these attacks. The healthcare sector also experiences a significant threat, witnessing a 39% increase in victims during a specific period. The ALPHV ransomware (also known as BlackCat) and LockBit ransomware groups are the primary culprits targeting this critical sector.

Financial services and retail sectors are not exempt from this cyber onslaught. Financial organisations witnessed a 50% increase in the total number of impacted entities year over year. Retail, on the other hand, ranks third in the number of ransomware victims per industry, with a concerning 9% increase in attacks.

Asia Pacific under siege

The report’s insights extend globally but also provide a specific focus on the Asia Pacific region. LockBit emerges as a pervasive threat, reigning as the most prevalent ransomware across various industries in the region. It commands a striking 60% of attacks in manufacturing, 55.8% in business services, 57.7% in construction, 45.8% in retail and 28.6% in energy sectors.

The CL0P ransomware group, operating aggressively in the Asia Pacific landscape, exploits zero-day vulnerabilities to wreak havoc. An attack on MOVEit, for instance, contributed to the surge in ransomware victims in the region during the first quarter of 2023.

Notably, the majority of ransomware victims in the Asia Pacific are small-to-medium-sized enterprises (SMEs) with reported revenues of up to US$50 million, dispelling the notion that only larger enterprises are prime targets.

Industry calls for better government approach to cybercrime

A call has been made to consolidate the nation’s cybersecurity strategies into a single framework, undoing the Coalition’s lack of vision.

A changing modus operandi

One of the most striking shifts in ransomware tactics is the increasing focus on exfiltrating files. This new approach has become the primary method of extortion, rendering file backup solutions inadequate in safeguarding against ransomware attacks. As the landscape evolves, organisations must reassess their strategies to counter this growing menace effectively.

The unsettling reality

The Akamai SOTI report serves as a stark reminder that the realm of cyber threats is ever-changing and that malicious actors are continually refining their techniques. Ransomware, once synonymous with phishing campaigns, is now leveraging advanced exploitation methods to compromise victims. No organisation, regardless of size or industry, is immune to the dangers posed by these evolving cyberattacks.

As the world becomes increasingly interconnected, the need for robust cybersecurity measures and constant vigilance has never been more critical.

Paul Budde is an Independent Australia columnist and managing director of Paul Budde Consulting, an independent telecommunications research and consultancy organisation. You can follow Paul on Twitter @PaulBudde.