SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Ransomware attacks increased 41% in November, says NCC Group
Thu, 22nd Dec 2022
FYI, this story is more than a year old

Analysis from NCC Group’s Global Threat Intelligence team has revealed a 41% increase in ransomware attacks this month as returning threat actor groups resurface and take the lead in November. 

The 41% rise from 188 incidents to 265 makes November the most active month for ransomware attacks since April this year.   

Lockbit 3.0 was knocked off the top spot, as threat actors Royal and Cuba claim first and second place, accounting for 16% and 15% of all attacks. 

Lockbit 3.0 remains active, however, taking third place, contributing to 12% of attacks this month.  

Royal, which NCC first tracked in January 2022, concerns several experienced ransomware actors working without affiliates, different from the standard ransomware-as-a-service model the Group usually observe. 

Although Cuba has been active over the past couple of years, activity has been reduced despite being responsible for several high-profile attacks and demanding ransomware of over US$60 million. 

A record number of 40 attacks in November is unexpected from the Cuba operation because their operations usually maintain a low profile. 

Although Lockbit 3.0 has remained within the top three threat actors this month, the reported attacks are substantially less than expected for the group. As such, this raises the question of whether they will bounce back or disband as a threat actor.  

Similar to October, DDoS attacks are rising, with 3,648 attacks observed in November. Throughout the month, the United States remained the most targeted country globally, with 1,543 attacks, marking 42% of all observed DDoS attacks.  

Reasons for the United States being the most targeted include the large attack surface and existing geopolitical tensions in the country, which show no sign of relaxation. In addition, given the timings of the US attacks, one reason could be the intention to disrupt the mid-term elections. 

Across the regions, North America suffered 151 ransomware attacks (45%), making it the most targeted region, ahead of Europe, which experienced 65 (25%). 

Asia remained the third most targeted, with 14% of attacks. 

Diving into sector trends, industrials (32%) and consumer cyclicals (44%) remain the top two most targeted sectors for ransomware attacks. 

However, the NCC has observed technology experiencing a large 75% increase over the last month, with supply chain compromise opportunities and intellectual property remaining as key reasons for targeting.

“This month we observed some interesting changes, with Lockbit 3.0 being pushed back to third place and replaced by the re-emergence of Royal and Cuba. The reduced operation may suggest the group could be disbanding, but we will keep a close eye on any developments in this area,” says Matt Hull, Global Head of Threat Intelligence at the NCC Group. 

“Our analysis strongly indicates a rising trend in DDoS attacks, which we can likely expect to continue for the immediate future. However, as more organisations become aware of the increased threat it will be interesting to see how malicious actors employing DDoS attacks are countered.”

“DDoS is not a new attack type and preventative and defensive measures are more widely available and affordable than ever before. We recommend that all organisations familiarise themselves with their defensive infrastructure and assess if there’s a role for anti-DDoS mitigation tools.”