Check Point Research: 2023 – The year of Mega Ransomware attacks with unprecedented impact on global organizations
- A staggering 1 in every 10 organizations worldwide hit by attempted ransomware attacks in 2023, surging 33% from the previous year, when 1 in every 13 organizations received ransomware attacks
- Throughout 2023, organizations around the world have each experienced over 60,000 attacks on average, 1158 attacks per organization per week
- Retail/Wholesale sectors witnessed a notable 22% spike in attacks weekly, compared to 2022
Global Trends in Cyberattacks
The digital realm continues to be a battleground for cyber security, with 2023 marking another year of relentless cyber attacks globally. Check Point Research’s comprehensive analysis of cyber attack data, including statistics for all regions, and globally, offers a revealing look into the ever-evolving landscape of cyber threats.
*Data in this report is derived from ThreatCloud AI, Check Point’s Big Data Intelligence engine.
ThreatCloud AI aggregates and analyzes big data telemetry and millions of Indicators of compromise (IoCs) every day. Its threat intelligence database is fed from 150,000 connected networks and millions of endpoint devices, as well as Check Point Research and dozens of external feeds. ThreatCloud AI updates newly revealed threats and protections in real-time across Check Point’s entire security stack.
Overall Global Attacks:
The year 2023 was marked by a persistent escalation in cyber threats. Organizations across the globe experienced an average of 1158 weekly cyber attacks each. This represents a 1% increase in cyber attacks compared to 2022 and sustains the significant increase seen in previous years, signaling a continuous and worrying trend in the digital threat landscape.
In 2023, the cyber threat landscape saw an evolution, particularly in how ransomware threats were executed. While ransomware continued to pose a serious risk, especially to smaller and less fortified businesses, a notable shift occurred with some attackers concentrating on data theft and purely extortion-based campaigns. This change in tactics is evident in two prominent attack campaigns – the MOVEit and GoAnywhere incidents. These attacks did not use traditional encryption-based ransomware; rather, they revolved around extortion, with attackers demanding payment in return for not publicly releasing the stolen data.
Global Attacks per Industry:
The industry-wise breakdown reveals a dynamic shift. The Education/Research sector, previously a prime target, experienced a notable 12% decrease in attacks, although it still remained at the top of the list with the highest volume of cyber attacks. Conversely, Retail/Wholesale sectors faced a 22% increase, indicating a change in attacker focus. The Healthcare sector’s 3% increase in attacks is particularly concerning, given the critical nature of its services.
The Retail/Wholesale sectors experiencing a significant number of cyber attacks in 2023 might be due to several key factors:
- Large Volume of Consumer Data: Retail and wholesale businesses typically handle vast amounts of personal and financial data from customers. This makes them attractive targets for cyber criminals looking to steal sensitive information like credit card numbers, addresses, and personal identification details for identity theft or resale on the dark web.
- Highly Connected and Digitalized Operations: With the advancement of technology, these sectors have embraced digital transformation, relying heavily on online transactions and interconnected systems. This increased digital footprint offers more entry points for cyber attackers.
- Complex Supply Chain Networks: Retailers and wholesalers often have intricate supply chain networks, involving numerous vendors and third-party service providers. Each node in this network can potentially be a vulnerability if not adequately secured, providing cybercriminals with multiple avenues for attack.
- E-commerce and Online Presence: The growth of online shopping has led to an expansion in e-commerce platforms. These platforms, if not securely built and maintained, can be exploited through various methods such as SQL injections, cross-site scripting, or other web application attacks.
- Insufficient Cybersecurity Measures: Smaller retailers and wholesalers might not have the resources for robust cybersecurity defenses compared to larger corporations, making them easier targets for cyber attacks.
- High Transaction Volumes: High volumes of daily transactions make it easier for fraudulent activities to go unnoticed. Cybercriminals exploit this by attempting to blend their malicious activities within the large number of legitimate transactions.
- Seasonal Spikes in Activity: Retail/Wholesale sectors often experience seasonal spikes in activity, such as during holiday or shopping seasons, where the increased volume of transactions and busy staff may lead to lowered vigilance and increased susceptibility to attacks like phishing or ransomware.
Global Attacks per Region:
Regionally, APAC led with the highest average number of weekly attacks, with an average of 1930 attacks per organization, a 3% increase compared to last year, while Africa witnessed a substantial 12% YoY increase in the average number of weekly attacks per organization, reaching an average of 1900 attacks.
2023 – The Year of Mega Ransomware attacks
In 2023, the landscape of ransomware underwent a significant upheaval, marked by a major surge in both conventional ransomware and the more formidable mega-ransomware. This unsettling trend was underscored by the alarming prevalence of zero-day exploits, amplifying the extent of damage inflicted and the number of victims impacted, with an increasing number of hacking groups boldly (though in some cases, falsely) claiming responsibility.
Compounding the urgency of the situation, emerging regulatory pressures compelled more companies to disclose incidents of cyber extortion, amplifying the collective awareness of the pervasive threat. The overarching narrative of 2023 became synonymous with the relentless onslaught of mega ransomware attacks, as hackers continued to exploit vulnerabilities, leaving a trail of organizations grappling with the aftermath of these malicious attacks.
Another notable shift was observed in the execution strategies of these ransomware attacks. Traditionally focused on encrypting victim data and demanding ransom for its release, an increasing number of cybercriminals in 2023 adopted a different approach. They concentrated more on data theft, followed by extortion campaigns that did not necessarily involve data encryption but rather threats of public disclosure of the stolen data. This evolution in ransomware tactics signifies a strategic pivot, where the emphasis shifted from disrupting operations through encryption to leveraging stolen data for monetary gains through extortion. This change underscores the adaptability of cyber threat actors and highlights the need for businesses, especially, though not solely, smaller ones with limited cybersecurity resources, to enhance their defenses against such evolving ransomware threats.
Overall Global Ransomware Attacks: All-Time peak in 2023
Throughout 2023, 10% of organizations worldwide were targeted by an attempted ransomware attack. This is a significant increase from a total of 7% of organizations suffering the same threat in the previous year, and also the highest rate in the past years.
Ransomware Attacks per Region: Americas witness highest spike YoY
The impact of ransomware on organizations was seen across the main regions of the world, with APAC having the highest ratio with 11% of organizations targeted by ransomware in 2023, while the Americas showed the largest increase – climbing from 5% of organizations in 2022 to 9% in the past year.
Industry-Specific Ransomware Trends:
The top impacted industries by ransomware attacks in 2023 were Education/Research with 22% of organizations suffering this type of attack, followed by Government/Military with 16% and Healthcare with 12%.
HOW DEFENDERS ARE LEVERAGING AI TO PREVENT THE NEXT ATTACK
In the rapidly evolving landscape of cybersecurity, artificial intelligence (AI) has emerged as a powerful tool for defending against sophisticated and ever-evolving cyberattacks. It has had a profound effect on both the efficacy of ransomware and other attack methods, and the ability to defend against these advanced campaigns. One of the key areas where AI is making a significant impact is in threat detection and analysis. AI-powered cybersecurity systems excel at identifying anomalies and detecting previously unseen attack patterns, thereby mitigating potential risks before they escalate.
For example, Check Point’s ThreatCloud AI powers all of our solutions using AI technologies with big data threat intelligence to prevent the most advanced attacks while reducing false positives. It aggregates and analyzes big data telemetry and millions of Indicators of Compromise (IoCs) every day. Consider this scenario. A new malicious link is detected and blocked in a zero-day attack in the US. The threat data is immediately shared across all attack vectors with protections for this attack updated in real time. This same zero-day malicious link can then be blocked less than two seconds later in a similar attack in Australia – preventing the attack from causing disruption and damage.
PRACTICAL ADVICE: PREVENTING RANSOMWARE AND OTHER ATTACKS
Here are a few simple tips to keep your organization safe and secure:
- Robust Data Backup
The goal of ransomware is to force the victim to pay a ransom in order to regain access to their encrypted data. However, this is only effective if the target actually loses access to their data. A robust, secure data backup solution is an effective way to mitigate the impact of a ransomware attack.
- Cyber Awareness Training
Phishing emails are one of the most popular ways to spread ransom malware. By tricking a user into clicking on a link or opening a malicious attachment, cybercriminals gain access to the employee’s computer and begin the process of installing and executing the ransomware on it. Frequent cybersecurity awareness training is crucial to protecting the organization against ransomware, leveraging their own staff as the first line of defence in ensuring a protected environment. This training should instruct employees on the classic signs and language that are used in phishing emails.
- Up-to-Date Patches
Keeping computers up-to-date and applying security patches, especially those labelled as critical, can help to limit an organization’s vulnerability to ransomware attacks as such patches are usually overlooked or delayed too long to offer the required protection.
- Strengthening User Authentication
Enforcing a strong password policy, requiring the use of multi-factor authentication, and educating employees about phishing attacks designed to steal login credentials are all critical components of an organization’s cybersecurity strategy.
- Anti-Ransomware Solutions
Anti-ransomware solutions monitor programs running on a computer for suspicious behaviors commonly exhibited by ransomware, and if these behaviors are detected, the program can take action to stop encryption before further damage can be done.
- Utilize Better Threat Prevention
Most ransomware attacks can be detected and resolved before it is too late. You need to have automated threat detection and prevention in place in your organization to maximize your chances of protection, including scanning and monitoring of emails, and scanning and monitoring file activity for suspicious files.
AI has become an indispensable ally in the fight against cyberthreats. By augmenting human expertise and strengthening defense measures, AI-driven cybersecurity solutions provide a robust shield against a vast array of attacks. As cybercriminals continually refine their tactics, the symbiotic relationship between AI and cybersecurity will undoubtedly be crucial in safeguarding our digital future.
Conclusion
The data from 2023 offers invaluable insights into the shifting patterns of cyber attacks, underscoring the need for adaptive and robust cyber defense strategies. As cyber threats continue to evolve in complexity and frequency, staying ahead of these trends is not just advisable, but essential for global cyber resilience.