Unit 42, the cybersecurity research team of Palo Alto, has released a report on ransomware incidents in 2023, based on posts on the dark web selling data. The number of posts increased from 2,679 in 2022 to over 3,998, a 49% rise. The most prevalent ransomware group is LockBit 3.0, accounting for 23% of the attacks. In Thailand, this malware has caused the most significant issues, with 19 victims before the group's members were apprehended and its servers were shut down in early 2024.
The most common attack method is the exploitation of software or API vulnerabilities, making up 38.60% of the attacks, up from 28.6% in 2022. Zero-day vulnerabilities, such as those in GoAnywhere MFT and MOVEit, or Citrix Bleed, are also extensively exploited. The use of leaked login credentials follows at 20.5%, up from 12.9%.
A significant decrease in phishing attacks, from 33.7% to only 17%, indicates that threat actors are focusing more on precisely targeted attacks or employing automated tools for increased efficiency.
For full details, please refer to Unit 42's ransomware incident report.
TLDR: Unit 42’s report reveals a surge in ransomware incidents in 2023, with LockBit 3.0 being the most prominent group. Attacks through software vulnerabilities and leaked credentials are on the rise, while phishing attacks have significantly decreased, possibly due to a shift towards more targeted and automated attacks.