As ransomware attackers continue to evolve and adapt their techniques, organizations must refine and adapt their security strategies to stay ahead of these threats.
Human-augmented, actionable threat intelligence plays a critical role in every organization's strategy - and Securin's 2023 retrospective on a year's worth of ransomware threats and attack groups brings additional insight to help enterprises learn, proactively mitigate risks and strengthen their security posture.
2023 Year in Review: Ransomware Through the Lens of Threat and Vulnerability Management analyzes the 230,648 Common Vulnerabilities and Exposures listed in the National Vulnerability Database, prioritizing them on severity, affected systems and vulnerability characteristics.
Ransomware attacks are becoming more common and costly for businesses.
On average, a data breach caused by a ransomware attack costs approximately $5.11 million and results in significant downtime lasting days or weeks, severely disrupting business operations.
Compared to the 344 attacks counted in 2022, we found 38 new ransomware-associated vulnerabilities by the end of last year.
While the CVSS scoring system notes that 17% of the 382 CVEs are low or medium risk, they remain a viable ransomware target.
Of the 382 vulnerabilities linked to ransomware, 67.5% are connected to MITRE's 2023 Top 25 Most Dangerous Software Weaknesses.
Attackers now have 21 more pathways for start-to-finish exploitation than they did last year.
Kill chain vulnerabilities are CVEs that allow attackers to go from network infiltration to data extortion.
The year's dominant ransomware groups included Cl0p, BlackCat, and LockBit 3.0, and all three are poised to continue their attacks in 2024.
Our cybersecurity experts noticed the emergence of ten new ransomware families this year.
These families consist of one or more ransomware groups characterized by unique tactics and malware.
On top of these newly established families, three Advanced Persistent Threat groups - Scattered Spider, FIN8, and RomCom - began using ransomware in 2023.
These ransomware groups have increasingly begun targeting the education, healthcare and financial sectors.
Ransomware groups have shifted their focus toward these sectors because they can leverage this highly confidential data to extort costly ransom payments from victims by threatening to publish or destroy the stolen information.
The consequences of these attacks can be devastating for both the targeted organization and the individuals whose data is compromised.
External attack surface management and periodic penetration testing play a key role in providing a holistic view of potential entry points or weaknesses in the attack surface.
Scheduling regular backups can ensure that organizations can restore critical data if the system is compromised during a ransomware attack.
The nature and severity of attacks are constantly evolving, from AI-driven threats to the rising number of ransomware groups.
This Cyber News was published on www.cybersecurity-insiders.com. Publication date: Mon, 11 Mar 2024 23:43:05 +0000