Securin research reveals ransomware threats surge amidst geopolitical shifts and cybersecurity challenges

Securin researchers published Tuesday their latest findings on ransomware threats in 2023. The research provides valuable insights into new APT (advanced persistent threat) groups, ransomware families, and related attacks. It recognizes that the past year has witnessed a significant transformation in the cyber attack landscape, particularly with the rise of ransomware as a prominent threat. This shift occurred against the backdrop of major geopolitical changes involving China, Russia, Ukraine, and Israel. 

“Ransomware has become an effective tool for espionage, economic and information warfare, as well as for disrupting critical infrastructure,” Securin detailed in its report titled ‘2023 Year in Review: Ransomware Through the Lens of Threat and Vulnerability Management.’ “Moreover, it has provided cybercriminals with opportunities for generating covert revenue and gaining unauthorized access to sensitive geopolitical intelligence.”

The report disclosed that the number of ransomware-associated vulnerabilities climbed significantly, from 344 in 2022 to 382 in 2023. Of these, the most weaponized was the Progress MOVEit Transfer Vulnerability (CVE-2023-34362), which was used to compromise more than 1,000 organizations and affect 60 million individuals. 

It also revealed that ten new ransomware families emerged in 2023, including Akira, Bloody, and INC, bringing the total to 188 active ransomware families. Along with new families, Securin experts identified three existing APT groups, Scattered Spider, FIN8, and RomCom, adding ransomware to their arsenal. Lastly, the report recognizes that Cl0p, BlackCat, and Vice Society led the pack of ransomware groups in 2023. These three groups were responsible for damaging attacks against MGM Resorts, MOVEit Transfer, and the Industrial and Commercial Bank of China.

“These discoveries are alarming, but they are far from surprising. Talking to our customers over the last year, we have heard the same thing over and over again: the attacks, successful or thwarted, just keep coming,” Ram Movva, CEO and co-founder of Securin, said in a media statement. “This onslaught, combined with an ongoing talent shortage and slashed IT budgets, has created a combustible situation for organizations of every kind. Addressing these challenges head-on, with the best information possible, will be essential to keeping the worst from transpiring in 2024.”

The Securin report identifies that rapid advancements in artificial intelligence (AI) technology and the proliferation of deep fakes have further complicated the ransomware landscape. Coupled with the development of increasingly sophisticated ransomware that can evolve in real-time to bypass security defenses, and the relatively low cost of stolen credentials on the dark web (as little as $5), the scale, impact, frequency, and cost of ransomware attacks have escalated dramatically. The reported cost of a data breach caused by a ransomware attack now stands at $5.11 million.

The report presents crucial metrics, insights, and vulnerability intelligence gathered through Securin's extensive ransomware research. Securin utilizes a systematic and comprehensive strategy for analyzing the 230,648 Common Vulnerabilities and Exposures (CVEs) listed in the National Vulnerability Database (NVD). “Our approach involves prioritization based on severity, affected systems, and vulnerability characteristics, utilizing a funnel-based methodology. In addition, we consider trending factors, exploitation patterns, hacker chatter, deep and dark web monitoring, and associations with threat actors to enhance our analysis. This multifaceted approach ensures a thorough and robust assessment of the CVEs,” it added.

Securin also pointed out that kill-chain vulnerabilities are up from 59 to 80 since the first quarter of 2023. Attackers now have 21 more pathways for start-to-finish exploitations, allowing them to move from infiltration to ransomware code execution to data extortion by compromising just one vulnerability. In addition, 16 ransomware-associated CVEs go undetected by popular scanners like Nessus, Qualys, and Nexpose, remaining invisible during vulnerability scans. Securin was able to detect these vulnerabilities by using passive techniques like monitoring technology stacks and cross-referencing installed software with a list of associated vulnerabilities.

It added that 113 ransomware-associated vulnerabilities impact 1,042 open-source packages, with Linux accounting for over 80% of the impact, posing a significant threat to the security and integrity of systems relying on open-source software components that could lead to security breaches. 

The Securin report identified that ransomware groups target critical infrastructure sectors, disrupting essential services such as energy, healthcare, or transportation, with severe consequences that compel victims to pay hefty ransoms to restore operations quickly. The high stakes and interconnected nature of these sectors make them lucrative targets for extortion, leveraging the potential for widespread impact and financial gain.

The report added that protection against ransomware starts at the development stage and requires rigorous checks for software weaknesses (CWEs) that can enable exploitation. “Our research on the 382 ransomware-associated CVEs identified a pattern of ransomware focusing on 87 weaknesses out of 600+ available. This indicates 87 different issues in software code that give rise to vulnerabilities that are specifically leveraged for ransomware attacks. Of these, five weaknesses have been newly associated with ransomware in 2023, bearing testimony to the fact that ransomware operators are constantly on the lookout for vulnerabilities to exploit.”

The report provided seven ways to defend against and prevent ransomware attacks. These include conducting user education and training, patch management and anti-virus, attack surface management, and adopting proactive mitigation measures. It also advises periodic penetration testing, network segmentation and access control, and robust backup and recovery procedures.

In conclusion, the Securin report not only reveals the escalating threat of ransomware but also emphasizes the crucial role of metrics in understanding the rapid and ever-increasing pace of its growth. “By analyzing and highlighting high-risk product versions, our goal is to provide organizations with critical insights into potential vulnerabilities, encouraging immediate patching and the adoption of diligent cyber practices. The urgent call to action involves fostering a culture of cyber resilience, where organizations prioritize swift responses to emerging threats.” 

Furthermore, by implementing its recommended defense strategies, including continuous monitoring and prompt patching, “you can fortify your digital fortresses against the relentless tide of ransomware. We hope that this report will be a catalyst for informed decision-making, collaborative efforts, and strategic investments in cybersecurity. Together, we can effectively mitigate the growing threat of ransomware, ensuring a secure digital future for organizations and individuals alike.”
