International. According to the consulting and research firm Palo Alto Networks, 1,762 attacks have been investigated, which represents a year-on-year increase of 49% compared to the previous year.
The increase in cyberattacks around the world has continued to grow, despite law enforcement operations that have dismantled dominant groups such as Ambitious Scorpius (BlackCat distributors) and Flighty Scorpius (LockBit distributors) in the world.
international panorama. Some high-profile ransomware groups have disappeared publicly, however, other groups have filled those gaps.
This is announced by Unit 42, threat and incident researchers and security consultants at Palo Alto Networks, through its report "Ransomware Review: First Half of 2024", with which they closely monitor ransomware and extortion leak sites
to stay on top of cybercriminal activity globally.
In the research, they have reviewed the threat ads of 53 websites dedicated to leaks in the first half of 2024, so they have found 1,762 new posts. This is an average of approximately 294 posts per month and almost 68 posts per week.
Of the ransomware groups whose breach sites they have monitored, six of them were responsible for more than half of the attacks. The United States was by far the country with the most victims, registering 917 attacks, accounting for 52%
of the total. In order of impact, the remaining 10 countries were: Canada, the United Kingdom, Germany, Italy, France, Spain, Brazil, Australia and Belgium.
Although ransomware attacks remain largely opportunistic, the report determines that the most affected sectors were the Manufacturing industry with 289 attacks (16.4% of the messages observed), Healthcare (9.6%) and Construction (9.4%).
The latter integrate technologies and devices that can be difficult to monitor and protect. As in Manufacturing, Healthcare is extremely sensitive to disruptions and downtime, so any seasonal fluctuations that may occur due to annual vacations, travel seasons, and other recurring events that could lead to attacks are carefully investigated.
Most common vulnerabilities
The newly revealed vulnerabilities mainly drove ransomware activity, as attackers were quick to take these types of opportunities. Criminal groups often exploit weaknesses to access victims through their own networks and move laterally through infected environments.
The threat ecosystem has been flooded with zero-day vulnerabilities and other more serious ones, generating a wide menu to choose from. According to Unit 42's most recent Incident Response Report, vulnerabilities became the leading cause of initial access during 2023, surpassing other common methods such as phishing for the first time.
This trend continues into 2024, highlighting more prolific vulnerabilities exploited by ransomware groups in the first half of 2024. In this context, it is necessary for organizations to seek to implement a solid management program for the
vulnerabilities that take into account those previously known, as well as the new ones that were included in the report for the first half of 2024.
Leave your comment