Ransomware threat evolves to effectively hold victims hostage
Ransomware and breach-for-ransom campaigns continued to grow in Q4 2023, with one of the larger groups, ALPHV Blackcat, compromising more than 1,000 victims with ransomware and data extortion and reaping more than $300 million in ransom payments by the end of the quarter. Attack strategies have evolved from crypto-ransomware (where attackers encrypt data and hold the decryption key) to breach-for-ransom campaigns (where attackers steal sensitive data and threaten to release it unless paid) to double- and triple-extortion strategies (where attackers combine tactics for more dire consequences).
Mick Paisley, Chief Security & Resilience Officer at Mimecast, said: “We blocked nearly 250 million attacks against Mimecast-protected systems in January – a new record high for the business, highlighting the sheer scale of the threat.
“It’s striking that in a busy election year, with 76 countries due to go to the polls, geopolitical tensions have increased, leading to more cyberattacks, with over 100 hacker groups claiming participation in the Israel-Gaza conflict alone. It is deeply concerning that nation-states are using cyber operations to gather intelligence on rival governments and attack critical infrastructure and information systems. Organizations must act to ensure they and their employees are protected against this continuing uptick in malicious activity. Our new report offers threat-specific countermeasures and general recommendations to help combat threats.”
Small and Medium businesses pay BIG price
Users at small and medium-sized businesses encountered 31 and 32 threats per user (TPU), respectively, more than twice as many as users at large companies, who saw about 15 TPU in Q4.
The larger risk for SMBs is due to a greater share of employees in critical roles; targeting those users results in a higher level of threats per user. In addition, because SMBs rely on credential-based cloud services for much of their operations, attackers are more focused on credential theft, a common phishing goal. A striking 99% of UK businesses are small to medium enterprises, according to the UK Government, making the threat particularly pronounced in the UK.
Threat actors become less attached
In Q4, for the first time, the average user was more likely to encounter a malicious link than a malicious attachment. With users ignoring the overwhelming volume of email messages blocked as either spam or impersonation (phishing), attackers are shifting from delivering payloads as malware to sending links to malicious sites, which then deliver the payload.
Mimecast’s Global Threat Intelligence Report October – December 2023.