The average weekly volume of cyber attacks reached a two-year high in the second quarter of 2023 amid a spike in activity among ransomware groups.
Analysis from Check Point Research (CPR) found that the frequency of attacks increased by 8% in Q2, with organizations globally facing an average of 1,258 attacks each week.
A key factor in this surge lies in the evolution of “new evasive tactics”, combined with an increase in hacktivist-based attacks and increased ransomware group activity, the firm said.
Despite a reduction in attacks compared to the year prior, the education and research sector still remained the most-targeted industry during the second quarter, CPR noted.
The average number of attacks per organization stood at 2,179, although this marked a 6% decrease compared to the same period in 2022.
UK-based academic institutions have faced a barrage of attacks so far during 2023. In June, the University of Manchester experienced a highly disruptive cyber attack that exposed research data belonging to more than 1.1 million NHS patients.
RELATED RESOURCE
The threat prevention buyer's guide
Find the best advanced and file-based threat protection solution for your organization.
The healthcare industry has been a key recurring target for cyber criminals in recent years, with the sector experiencing a significant year-on-year increase in attacks during Q2.
Organizations operating in the sector faced an average of 1,744 attacks per week, marking a YoY increase of 30%.
Earlier this month, Barts NHS Trust, which serves more than 2.5 million patients across several hospitals, fell victim to the ALPHV ransomware gang.
The group claimed to have stolen more than 70 terabytes of data, which it said marks the largest breach of healthcare data in the UK to date.
Ransomware resurgence raises concerns
A resurgence in activity among high-profile ransomware groups has raised concerns among security researchers in recent months, CPR said.
Alternative analysis from FlashPoint found that LockBit and Cl0p alone accounted for nearly 40% of all recorded ransomware attacks across June, with nearly half (47.5%) of these directly targeted US-based organizations.
Both groups have been highly aggressive in recent weeks, with Cl0p claiming responsibility for the devastating MOVEit supply chain attack.
The file transfer platform is used by thousands of organizations globally, and initially impacted several UK firms including British Airways, Boots, and the BBC.
This incident prompted a domino effect of incidents worldwide following a breach at HR and payroll provider, Zellis.
LockBit has also been highly active, claiming responsibility for an attack on a third-party supplier for Taiwanese chipmaker, TSMC. The group listed the chipmaker on its dark web blog and set a ransom at $70 million, marking one of the largest ever.
Continued threats for healthcare organizations may also raise concerns amid the increase in LockBit attacks highlighted by Flash Point. The ransomware group has traditionally targeted organizations operating in the sector.
In August last year, the group claimed responsibility for an attack on a French hospital that saw sensitive patient data leaked after its $10 million ransom was refused.
The observations on the leading ransomware organizations come against a backdrop of rising attacks generally across the industry.
A report published earlier this month noted a 48% year-on-year increase in attacks.
Chainalysis’ annual Crypto Crime report, also published earlier this month, noted that ransomware affiliates have returned to their old habits of targeting larger organizations.
Ransomware criminals have for years switched between targeting organizations of different sizes, with efforts from the past few years thought to have been focused more on smaller firms with comparatively less robust defenses than larger enterprises.
Overlooked vulnerabilities
Running in parallel to a surge in cyber attacks, FlashPoint research highlighted a concerning trend of overlooked or missing vulnerability disclosures in June.
1,828 new vulnerabilities were reported across the month. However, 395 of these were missed by the Common Vulnerabilities and Exposures (CVE) program.
More than one-third (35%) of these were rated as high or critical vulnerabilities, which the firm warned is putting organizations at heightened risk.
“If exploited, these issues could pose a significant security risk”, the firm said in a blog post.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Cybersecurity teams face unparalleled pressure, but they’re stepping up to the plateNews While cybersecurity teams are contending with rising workloads and chronic staffing issues, new research shows practitioners are still charging ahead and meeting targets.
-
Developers can't get a handle on application security risksNews Research by Legit Security shows a majority of organizations have high risk applications in developer environments.
-
CISOs are gaining more influence in the boardroom, and it’s about timeNews CISO influence in the C-suite and boardrooms is growing, new research shows, as enterprises focus heavily on cybersecurity capabilities.
-
How MSSPs can leverage dark web intelligence to counter emerging threatsIndustry Insight Dark web intelligence can be a vital tool for MSSPs to bolster security and counter emerging threats
-
Royal, Hive, Black Basta ransomware gangs ‘collaborating on cyber attacks’News Affiliates from the now-defunct Hive ransomware group could be seeking opportunities with other major dark web players
-
SEC data breach rules branded “worryingly vague” by industry bodyNews The new rules announced last week leave many questions unanswered, according to security industry experts
-
Deloitte denies Cl0p data breach impacted client data in wake of MOVEit attackNews Deloitte was the third of the 'Big Four' professional services firms to have appeared on the ransomware group's 'wall of shame' victim blog
-
TSMC faces $70 million LockBit ransom demand following hardware supplier breachNews While TSMC has confirmed the breach, it has refuted claims that company operations have been disrupted by the incident
