2023 The Year of Mega Ransomware Attacks and Global Impact: Check Point Research
Global Trends in Cyberattacks
The digital realm continues to be a battleground for cyber security, with 2023 marking another year of relentless cyber-attacks globally. Check Point Research’s comprehensive analysis of cyber-attack data, including statistics for all regions, and globally, offers a revealing look into the ever-evolving landscape of cyber threats.
Overall Global Attacks
The year 2023 was marked by a persistent escalation in cyber threats. Organisations across the globe experienced an average of 1,158 weekly cyber attacks each. This represents a 1% increase in cyber-attacks compared to 2022 and sustains the significant increase seen in previous years, signalling a continuous and worrying trend in the digital threat landscape.
In 2023, the cyber threat landscape saw an evolution, particularly in how ransomware threats were executed. While ransomware continued to pose a serious risk, especially to smaller and less fortified businesses, a notable shift occurred with some attackers concentrating on data theft and purely extortion-based campaigns. This change in tactics is evident in two prominent attack campaigns – the MOVEit and GoAnywhere incidents. These attacks did not use traditional encryption-based ransomware; rather, they revolved around extortion, with attackers demanding payment in return for not publicly releasing the stolen data.
Global Attacks per Industry
The industry-wise breakdown reveals a dynamic shift. The Education/Research sector, previously a prime target, experienced a notable 12% decrease in attacks, although it has still remained on top of the list with the highest volume of cyber-attacks. Conversely, the Retail/Wholesale sectors faced a 22% increase, indicating a change in attacker focus. The Healthcare sector’s 3% increase in attacks is particularly concerning, given the critical nature of its services.
The Retail/Wholesale sectors experiencing a significant number of cyber-attacks in 2023 might be due to several key factors:
- Large Volume of Consumer Data: Retail and wholesale businesses typically handle vast amounts of personal and financial data from customers. This makes them attractive targets for cyber criminals looking to steal sensitive information like credit card numbers, addresses, and personal identification details for identity theft or resale on the dark web.
- Highly Connected and Digitalised Operations: With the advancement of technology, these sectors have embraced digital transformation, relying heavily on online transactions and interconnected systems. This increased digital footprint offers more entry points for cyber attackers.
- Complex Supply Chain Networks: Retailers and wholesalers often have intricate supply chain networks, involving numerous vendors and third-party service providers. Each node in this network can potentially be a vulnerability if not adequately secured, providing cybercriminals with multiple avenues for attack.
- E-commerce and Online Presence: The growth of online shopping has led to an expansion in e-commerce platforms. These platforms, if not securely built and maintained, can be exploited through various methods such as SQL injections, cross-site scripting, or other web application attacks.
- Insufficient Cybersecurity Measures: Smaller retailers and wholesalers might not have the resources for robust cybersecurity defences compared to larger corporations, making them easier targets for cyber attacks.
- High Transaction Volumes: High volumes of daily transactions make it easier for fraudulent activities to go unnoticed. Cybercriminals exploit this by attempting to blend their malicious activities within a large number of legitimate transactions.
- Seasonal Spikes in Activity: Retail/Wholesale sectors often experience seasonal spikes in activity, such as during holiday or shopping seasons, where the increased volume of transactions and busy staff may lead to lowered vigilance and increased susceptibility to attacks like phishing or ransomware.
Global Attacks per Region
Regionally, APAC led with the highest average number of weekly attacks, with an average of 1,930 attacks per organisation, a 3% increase compared to last year, while Africa witnessed a substantial 12% YoY increase in the average number of weekly attacks per organisation, reaching an average of 1,900 attacks.
2023 – the Year of Mega Ransomware Attacks
In 2023, the landscape of ransomware underwent a significant upheaval, marked by a major surge in both conventional ransomware and the more formidable mega-ransomware. This unsettling trend was underscored by the alarming prevalence of zero-day exploits, amplifying the extent of damage inflicted and the number of victims impacted, with an increasing number of hacking groups boldly (though in some cases, falsely) claiming responsibility.
Compounding the urgency of the situation, emerging regulatory pressures compelled more companies to disclose incidents of cyber extortion, amplifying the collective awareness of the pervasive threat. The overarching narrative of 2023 became synonymous with the relentless onslaught of mega ransomware attacks, as hackers continued to exploit vulnerabilities, leaving a trail of organisations grappling with the aftermath of these malicious attacks.
Another notable shift was observed in the execution strategies of these ransomware attacks. Traditionally focused on encrypting victim data and demanding ransom for its release, an increasing number of cybercriminals in 2023 adopted a different approach. They concentrated more on data theft, followed by extortion campaigns that did not necessarily involve data encryption but rather threats of public disclosure of the stolen data. This evolution in ransomware tactics signifies a strategic pivot, where the emphasis shifted from disrupting operations through encryption to leveraging stolen data for monetary gains through extortion. This change underscores the adaptability of cyber threat actors and highlights the need for businesses, especially (though not solely) smaller ones with limited cybersecurity resources, to enhance their defences against such evolving ransomware threats.
Overall Global Ransomware Attacks: All-Time Peak in 2023
Throughout 2023, 10% of organisations worldwide have been targeted by an attempted ransomware attack. This is a significant increase from a total of 7% of organisations suffering the same threat in the previous year, and also the highest rate in the past years.
Ransomware Attacks per Region: Americas witness highest spike YoY
The impact of ransomware on organisations was seen across the main regions of the world, with APAC having the highest ratio with 11% of organisations targeted by ransomware in 2023, while the Americas showed the largest increase – climbing from 5% of organisations in 2022 to 9% in the past year.
Industry-Specific Ransomware Trends
The top impacted industries by ransomware attacks in 2023 were Education/Research with 22% of organisations suffering this type of attack, followed by Government/Military with 16% and Healthcare with 12%.
How Defenders are Leveraging AI to Prevent the Next Attack
In the rapidly evolving landscape of cybersecurity, artificial intelligence (AI) has emerged as a powerful tool for defending against sophisticated and ever-evolving cyberattacks. It has had a profound effect on both the efficacy of ransomware and other attack methods, and the ability to defend against these advanced campaigns. One of the key areas where AI is making a significant impact is in threat detection and analysis. AI-powered cybersecurity systems excel at identifying anomalies and detecting previously unseen attack patterns, thereby mitigating potential risks before they escalate.
For example, Check Point’s ThreatCloud AI powers all of our solutions using AI technologies with big data threat intelligence to prevent the most advanced attacks while reducing false positives. It aggregates and analyses big data telemetry and millions of Indicators of Compromise (IoCs) every day. Consider this scenario. A new malicious link is detected and blocked in a zero-day attack in the US. The threat data is immediately shared across all attack vectors with protections for this attack updated in real time. This same zero-day malicious link can then be blocked less than two seconds later in a similar attack in Australia, preventing the attack from causing disruption and damage.
Practical Advice: Preventing Ransomware and Other Attacks
Here are a few simple tips to keep your organisation safe and secure:
- Robust Data Backup: The goal of ransomware is to force the victim to pay a ransom in order to regain access to their encrypted data. However, this is only effective if the target actually loses access to their data. A robust, secure data backup solution is an effective way to mitigate the impact of a ransomware attack.
- Cyber Awareness Training: Phishing emails are one of the most popular ways to spread ransom malware. By tricking a user into clicking on a link or opening a malicious attachment, cybercriminals gain access to the employee’s computer and begin the process of installing and executing the ransomware on it. Frequent cybersecurity awareness training is crucial to protecting the organisation against ransomware, leveraging their own staff as the first line of defence in ensuring a protected environment. This training should instruct employees on the classic signs and language that are used in phishing emails.
- Up-to-Date Patches: Keeping computers up-to-date and applying security patches, especially those labelled as critical, can help to limit an organisation’s vulnerability to ransomware attacks as such patches are usually overlooked or delayed too long to offer the required protection.
- Strengthening User Authentication: Enforcing a strong password policy, requiring the use of multi-factor authentication, and educating employees about phishing attacks designed to steal login credentials are all critical components of an organisation’s cybersecurity strategy.
- Anti-Ransomware Solutions: Anti-ransomware solutions monitor programs running on a computer for suspicious behaviours commonly exhibited by ransomware, and if these behaviours are detected, the program can take action to stop encryption before further damage can be done.
- Utilise Better Threat Prevention: Most ransomware attacks can be detected and resolved before it is too late. You need to have automated threat detection and prevention in place in your organisation to maximize your chances of protection, including scanning and monitoring of emails, and scanning and monitoring file activity for suspicious files.

AI has become an indispensable ally in the fight against cyberthreats. By augmenting human expertise and strengthening defence measures, AI-driven cybersecurity solutions provide a robust shield against a vast array of attacks. As cybercriminals continually refine their tactics, the symbiotic relationship between AI and cybersecurity will undoubtedly be crucial in safeguarding our digital future.
Conclusion
The data from 2023 offers invaluable insights into the shifting patterns of cyber-attacks, underscoring the need for adaptive and robust cyber defence strategies. As cyber threats continue to evolve in complexity and frequency, staying ahead of these trends is not just advisable, but essential for global cyber resilience.