Cyberattacks Increase But Ransomware Attacks Decline
IT professionals and security executives believe cyberattacks have increased since 2023 according to a recent survey by Keeper Security. The cybersecurity firm surveyed 800 IT leaders globally, and 92% said they thought cyberattacks have increased in the past year with 95% saying that cyberattacks have become so sophisticated that they feel unprepared to deal with emerging threat vectors such as AI-based attacks (35%), deepfakes (30%), leveraged 5G networks (29%), unauthorized cloud control (25%), and fileless attacks (23%). It is not only external threat actors that are conducting attacks, as 40% of respondents said they have experienced a cyberattack caused by an insider. The main types of attacks that have increased in frequency are phishing (51%), malware (49%), ransomware (44%), and password attacks (31%). A majority of IT professionals said phishing and smishing attacks have become much harder to detect, which many attribute to the use of generative AI by cybercriminals.
There was a surge in ransomware attacks in 2023; however, attacks have fallen in 2024 according to the Israeli cybersecurity firm Cyberint. In 2023, there was a 55.5% increase in victims of ransomware attacks, with 5,070 organizations reporting attacks in 2023 and 1,309 reported attacks in Q4 alone. However, in Q1, 2024, only 1,048 have been reported, down 22% from Q4, 2023.
Cyberint offers several possible explanations for the decline. There has been increased law enforcement activity, including two operations targeting two of the most active groups, LockBit and ALPHV, that disrupted their operations. In the case of LockBit, the disruption was particularly short, with the group claiming to have rebuilt its infrastructure within a week of the takedown. In Q1, 2024, 210 attacks were attributed to LockBit showing that the disruption was only temporary. In December 2023, a law enforcement operation seized some of the infrastructure of the ALPHV group, and while the group remained active, only 51 attacks were confirmed in Q1, 2024, down from 109 attacks in Q4, 2024. The group also recovered quickly and, in response, removed restrictions for affiliates, and actively encouraged attacks on healthcare targets. The ALPHV group has now shut down following the attack on Change Healthcare, although ALPHV is expected to rebrand and return.
Cyberint also suggests that the decreasing number of victims paying ransoms has made ransomware attacks less profitable, leading some affiliates to pursue other sources of income. Data from the ransomware remediation firm Coveware shows ransom payments fell to a record low in Q4, 2023, with only 29% of victims choosing to pay the ransom. Ransom payments have also fallen to an average payment in Q4, 2023 of $568,705, a 33% decrease from the previous quarter.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
While some groups appear to have shut down their operations, several new groups have emerged. In Q1, 2024, Cyberint tracked the emergence of 10 new ransomware groups. While these groups have not been conducting attacks on the scale of ALPHV, there is the potential for them to scale up their operations. One of those groups, RansomHub, is attempting to extort Change Healthcare, and claims it has the data stolen in its ALPHV ransomware attack.
While the reduction in ransomware attacks is good news, it is too early to tell whether the decline will continue or if it is just a blip. What is more certain is that, in the short term at least, ransomware is likely to continue to be one of the biggest cyber threats faced by organizations.