
At The Identity Organisation, we're here to help!


    The Alarming Threat of Ransomware: Insights from the Secureworks State of the Threat Report 2023

    In the ever-evolving landscape of cybersecurity, the battle against ransomware has taken a concerning turn. According to the latest findings from Secureworks' annual State of the Threat Report, the deployment of ransomware is now occurring within just one day of initial access in more than half of all engagements.

    The Rapid Decline in Dwell Time

    Perhaps the most concerning revelation in the report is the drastic reduction in median dwell time, plummeting from 4.5 days to less than one day within a span of 12 months. In 10% of cases, ransomware was even unleashed within a mere five hours of gaining initial access. This accelerated pace is attributed to cybercriminals’ efforts to minimize the risk of detection.

    Don Smith, VP Threat Intelligence at Secureworks CTU, notes in a press release that this trend reflects a shift towards simpler and quicker operations. As the cybersecurity industry becomes more proficient at detecting ransomware precursors, threat actors opt for faster and less complex attacks to increase their chances of success.

    Top Ransomware Groups

    While familiar threat groups such as GOLD MYSTIC (LockBit), GOLD BLAZER (BlackCat/ALPHV), and GOLD TAHOE (Cl0p) continue to dominate the ransomware landscape, the report highlights the emergence of new and highly active threat groups. MalasLocker, 8BASE, and Akira have all entered the scene, contributing to a substantial rise in victims and data leaks.

    Notably, LockBit remains the most active group, with nearly three times the number of victims compared to the next group, BlackCat. The report emphasizes that the past four months saw the highest victim counts since the initiation of “name and shame” attacks in 2019.

    Initial Access Vectors and Vulnerabilities

    The report identifies three primary initial access vectors (IAV) observed in ransomware engagements: scan-and-exploit (32%), stolen credentials (32%), and commodity malware via phishing emails (14%). Of these, scan-and-exploit involves the identification of vulnerable systems and attempts to compromise them with specific exploits.

    Despite the hype around AI-style attacks, the report underscores that unpatched infrastructure remains a significant factor in successful attacks. Cybercriminals continue to exploit known vulnerabilities from 2022 and earlier, which account for over half of the most exploited vulnerabilities during the reporting period.

    State-Sponsored Threat Groups

    The State of the Threat Report delves into the activities of state-sponsored threat groups from China, Russia, Iran and North Korea. Geopolitics continues to be the driving force behind their actions:

    • China: Shifts focus to Eastern Europe with a growing emphasis on stealthy tradecraft in cyber espionage attacks
    • Iran: Targets dissident activity, hinders progress on the Abraham Accords, and employs personas across threat groups
    • Russia: Intensifies cyber espionage and disruption, with patriotic-minded groups targeting adversaries. Utilizes Telegram for recruitment and communication
    • North Korea: Engages in cyber espionage and revenue generation, with AppleJeus as a key tool. North Korean threat groups have stolen $2.3 billion USD between May 2017 and May 2023

    The State of the Threat Report 2023 underscores the critical need for organizations to prioritize good cybersecurity hygiene. With ransomware attacks becoming faster and more dynamic, staying ahead of evolving threats requires a proactive and adaptive approach. New-school security awareness training can ensure your users are up to date on the latest ransomware threats and are vigilant in spotting and reporting any suspicious activity.

    KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.


    Free Ransomware Simulator Tool

    Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

    KnowBe4’s “RanSim” gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

    Here’s how it works:

    • 100% harmless simulation of real ransomware and cryptomining infections
    • Does not use any of your own files
    • Tests 25 types of infection scenarios
    • Just download the installer and run it
    • Results in a few minutes!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/ransomware-simulator-tool-partner?partnerid=001a000001lWEoJAAW
