Darkness is their ally: 76% of ransomware attacks occur outside of business hours

Tomcat

Researchers have identified the main hacker trends of the year.

According to a new report from Mandiant, ransomware activity increased significantly in 2023. The number of publications on data leak sites increased by 75% compared to the previous year, and the number of Mandiant investigations increased by more than 20%.

Particular attention was drawn to the fact that about 33% of new ransomware families in 2023 were variants of previously known programs. Attackers continue to use legitimate and commercially available tools to carry out their attacks, which marks a decline in the use of Cobalt Strike Beacon and an increase in the use of legitimate remote access tools.

Code reuse, duplicate groups, or rebrand dimensions in 2023

In 33% of the incidents, ransomware was deployed within 48 hours of the cybercriminals' first access. More than 76% of all deployments occurred outside of business hours, mostly in the early morning. This highlights how important it is for organizations to be ready around the clock.

According to Mandiant experts, the increase in ransomware activity in 2023 is partly due to the recovery of the cybercrime ecosystem after a turbulent 2022, when there was a decline due to political factors and Conti chat leaks. In 2023, cybercriminals returned to action, using new tactics, techniques, and procedures (TTPs) to increase pressure on victims.

Ransomware attacks in 2023 affected organizations in more than 110 countries, with companies from all industries among the victims. Of particular concern is the tendency of ransomware to attack patients in medical institutions. Extortionists threaten to release patients' personal data and even make false calls to emergency services to increase pressure on medical organizations.

In 2023, the number of posts on data leak sites reached a record high, with more than 1,300 posts in the third quarter. The number of unique sites with at least one publication increased by 15%, and the number of new data leak sites increased by 30% compared to 2022. Approximately 30% of publications in 2023 were on new sites associated with various ransomware families, such as ROYALLOCKER.BLACKSUIT, RHYSIDA, and REDBIKE.

According to Mandiant experts, one of the most effective measures to protect against ransomware is to use strategies to protect and contain threats, which include improving the security of infrastructure, identity data and endpoints.