Zero-day exploits drive 143% rise in ransomware victims

A report by cloud firm Akamai claims that a behaviour shift by hacker groups away from phishing and towards abuse of vulnerabilities over the past 6 months has led to a rise in the number of victims.

Andrew Wooden

August 8, 2023



The report – with the catchy title of ‘Ransomware on the Move: Evolving Exploitation Techniques and the Active Pursuit of Zero-Days’ – throws out an array of statistics involving the current trends around cyber attacks – including the claim that there was a 143% YoY increase in victims during Q1 due to an increase in the number of zero-day and one-day vulnerabilities.

Zero-day vulnerabilities are essentially gaps in software security layers that the developer doesn't know about or for which there is currently no patch.

The primary source of extortion from ransomware groups is now increasingly the exfiltration of files, we’re told, and in some cases, the same victim was attacked twice by different ransomware groups during the periods it covers. In fact, the research claims that victims of multiple ransomware groups are almost six times more likely to get attacked again within three months of the first one.

The report says the majority of ransomware victims in EMEA are in organizations with revenue of up to US$50 million – the logic being smaller companies may have more limited security resources making them easier to infiltrate.

Sector wise, the ‘top five critical industries at risk of a ransomware attack in EMEA’ are manufacturing, business services, retail, construction, and education. We’re told these industries are of particular risk because of a prevalence of specialized and legacy operating systems, and an ‘increased attack surface’ due to a greater number of connected devices and equipment.

In terms of the organisations behind the attacks, CL0P is rising in the EMEA ransomware landscape ‘with an 11x growth spike’, while LockBit malware was responsible for 45% of attacks in EMEA and also accounted for 45.92% of attacks in manufacturing, 45.4% in business services and 45.1% in retail.

“Ransomware continues to be the Achilles’ heel of organizations of all kinds, especially those that don’t have the resources to properly shield themselves from this kind of attack,” said Richard Meeus, Director of Security Technology and Strategy at Akamai. “Businesses should be on high alert that ransomware is indeed on the move and do their best to stop it in its tracks by employing a multilayered approach to cybersecurity, training their employees on social engineering.”

It’s a similar story to what’s being told across the board in terms of rising attacks – in June, Verizon warned the median cost per ransomware attack has more than doubled over the last two years, while Orange Cyberdefense noted that cyber extortion (Cy-X) attacks reached the highest volume to date in Q1, and Nokia claimed that the number of IoT devices being used to conduct distributed denial-of-service (DDoS) attacks has risen from 200,000 a year ago to more than 1 million.

Next generation telecoms technology is pitched in no small part to facilitate the proliferation of IoT particularly to industry – however the assertion of this report (and others) is that this creates many more vectors for nefarious actors to launch attacks. Depending on whether trends like this continue to dramatically rise and the level of general awareness of it, this could even end up giving the IoT sector an image problem in the future.

 
