Ransomware’s dark web surge: Cyber security report reveals alarming trends

Ransomware gangs have ramped up cyber attacks in the first half of 2023, according to Akami’s mid-year cyber report, with victims of multiple cyber attacks six times more likely to experience a second attack within three months of their first.

Taking advantage of these security weaknesses can fetch in excess of $75,000 for the sale of backdoor access to a business’s data. The report by Akami also looks at the evolving and sharpening focus on zero-day vulnerabilities.

“The ransomware threat landscape is seeing a concerning shift in attack techniques with the rampant abuse of zero-day and one-day vulnerabilities in the past six months, which led to a 143% increase in victims from Q1 2022 to Q1 2023” said Akami.

LockBit, a malicious software designed to block user access to computer systems in exchange for a ransom payment, typically targets high value businesses with zero-day vulnerabilities and appears to be dominating the ransomware market.

Cl0p, another group making moves on the ransomware cyber attack scene, have become known for large ransom demands, sometimes starting as high as $3m. They have repeatedly made headlines for high profile cyber attacks, most recently MOVEit Transfer.

Rapid7 also released a report on the subject, detailing that nearly 40% of incidents in the first half of 2023 resulted from inadequate multi-factor authentication (MFA) enforcement, particularly concerning VPNs and virtual desktop infrastructure.

This underscores the critical importance of robust MFA protocols in today's cyber security landscape. Rapid7 suggest the use of ‘number matching’ to counter “an uptick in MFA push fraud as a result of notification fatigue”.

The report also warns that Voice over Internet Protocol (VoIP) technologies are an under-appreciated cyber attack vector, ripe for malware and phishing attempts. Their vulnerability is likely to attract more attention from cybercriminals in the future, demanding proactive defences.

According to Rapid7, only one organisation in 2023 met their minimum recommendations for security maturity – the degree to which an organisation has optimised security systems and processes relative to its risk environment and tolerances.

This highlights a pervasive gap in cyber security preparedness across industries, leaving them susceptible to ransomware and cyber attack threats. The table below shows the most commonly reported incident types so far this year.

In the face of these evolving cyber threats, safeguarding your business hinges on fundamental security practices. Rapid7 recommends rigorous MFA enforcement, risk-based vulnerability management, data exfiltration prevention, and restricting local admin privileges, among other things.

For an in depth dive into cyber security be sure to read TechInformed's Ransomware Special Report.