Global levels of ransomware attacks rose 30% in November, with a total of 442 attacks, following a lower volume of attacks in October according to NCC Group's November Threat Pulse.
As the third most active month of the year, ransomware levels in November have taken the total number of global ransomware attacks to 4,276 cases so far, surpassing predictions that the total figure would hit 4,000 with one month of 2023 still to go.
Industrials sector continues to be hardest hit Following the trends witnessed across the year so far, Industrials was the most targeted sector in November, with 146 of all attacks, marking a 28% increase from October.
As Industrials are focused on digitalization to enhance efficiency and productivity, there is a greater risk of ransomware attacks.
Consumer Cyclicals is the second most targeted sector with 78 of attacks, with Healthcare also holding its third place spot from October with 50 of attacks.
Another month of high levels of ransomware for healthcare indicates a concrete shift in the threat landscape for the sector.
LockBit remains a dominant player In November, LockBit was the most active threat actor, with a 73% month-on-month increase in activity from 66 attacks recorded in October.
BackCat takes second place in November with 49 of attacks and a month-on-month increase of 58%. Play drops down from the 2nd most active group in October to third in November, responsible for 10% of all attacks.
The top three threat actors in November were in total responsible for 206 of all attacks.
Ransomware attacks in Europe rise As expected, Europe and North America witnessed with majority of attacks in November.
Consistent with this year's trends, North America remains the most targeted region with 219 of attacks.
Ranking the second most targeted region, Europe witnessed 135 of attacks, an increase by 36 following 99 attacks in the region in October.
Asia took third place with 46 attacks and overall, November saw an increase in the number of undisclosed targets, meaning unrevealed regions.
Spotlight - The return of Carbanak November saw a return of the well-known banking malware Carbanak in ransomware attacks.
First emerging in 2014, Carbanak malware has been used by ransomware gangs to infiltrate financial systems by deploying advanced phishing techniques to compromise bank employees.
Carbanak's popularity had fallen until November, but last month's use of the malware returned having evolved over recent years.
The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness.
Imposters in November included the CRM platform HubSpot, data management software Veeam and account tool Xero.
In the lead up to Christmas, ransomware groups are typically active to push profits before taking a somewhat break over the festive period.
As we look to the new year, with the Industrials sector in particular remaining the most attractive sector for ransomware gangs, cybersecurity must be a key priority for the industry to improve supply chain resilience.
This Cyber News was published on www.darkreading.com. Publication date: Thu, 21 Dec 2023 22:45:36 +0000