48 ransomware groups breach 2,200+ victims globally in Q2 2023

USB drives are being used to infect organisations globally

Check Point Research (CPR), the Threat Intelligence arm of Check Point Software Technologies, a leading global provider of cyber security solutions, has unveiled its 2023 Mid-Year Security Report.

The report uncovers an unsettling 8% surge in global weekly cyberattacks in the second quarter, the most significant increase in two years, highlighting how attackers have cunningly combined next-gen AI technologies with long-established tools like USB devices to conduct disruptive cyberattacks.

The report also showcases how ransomware attacks have escalated in the first half of the year, with new ransomware groups coming onto the scene.

From the tripe extortion attack on the University of Manchester to the rise of the new group Anonymous Sudan targeting Western entities, the 2023 Mid-Year Security Report uncovers the trends and behaviours that have defined the year so far.

The 2023 Mid-Year Security Report provides a comprehensive account of the cyber-threat landscape.

The findings are based on data drawn from the Check Point ThreatCloud Cyber-Threat Map, which looks at cybercriminals’ key tactics to conduct their attacks.

Key insights from the 2023 Mid-Year Security Report include:

• Ransomware groups have stepped up, exploiting vulnerabilities in commonly used corporate software and shifting their approach from data encryption to data theft.
• USB devices have resurfaced as significant threats, with state-affiliated groups and cybercriminals deploying USB drives as vectors for infecting organisations globally.
• Hacktivism has risen, with politically motivated groups launching attacks on selected targets.
• Artificial Intelligence misuse has amplified, with generative AI tools used to craft phishing emails, keystroke monitoring malware, and basic ransomware code, calling for more robust regulatory measures.

In H1 2023, 48 ransomware groups have breached over 2,200 victims, with Lockbit3 being the most active, reporting a 20% increase in victims compared to H1 2022.

The emergence of new groups like Royal and Play is associated with the termination of Hive and Conti Ransomware-as-a-Service (RaaS) groups.

Regarding geography, 45% of victims are in the US, with an unexpected rise in Russian entities due to the novel actor ‘MalasLocker’, which substitutes ransom demands with charitable donations.

The manufacturing and retail sectors have seen the most victims, suggesting a shift in ransomware attack strategy.

Maya Horowitz, VP of Research at Check Point Software, said: “Criminal activities have continued to rise in the first half of the year, with an 8% surge in global weekly cyberattacks in the second quarter marking the highest volume in two years.

“Familiar threats such as ransomware and hacktivism have evolved further, with threat groups modifying their methods and tools to infect and affect organisations worldwide. Even legacy technology such as USB storage devices, which have long been gathering dust in desk drawers, have gained popularity as a malware messenger.”

“Organisations need to build a cyber resiliency strategy and strengthen their defences by adopting a prevention-first, integrated approach to cyber security. Cyberattacks are inevitable but can be prevented by proactive measures and the right security technologies.”

Featured image: Ransomware attacks are targeting the retail sector globally. Image: Arnold Pinto