SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Story image

Ransomware attacks rise with construction sector most hit

Fri, 22nd Nov 2024

Corvus has published its Q3 2024 Cyber Threat Report, which reveals the persistence of ransomware activity and the increasing distribution among various threats throughout the third quarter of the year.

The report identifies 1,257 ransomware victims in Q3, a slight increase from 1,248 victims recorded in Q2. This data underscores the ongoing prevalence and severity of ransomware attacks affecting various sectors globally.

Significant vulnerabilities in VPNs and weak passwords were exploited as entry points for nearly 30% of these ransomware incidents. These weaknesses provided attackers with access to systems through automated brute-force attacks, enabling them to gain unauthorised entry with minimal difficulty.

Jason Rebholz, Chief Information Security Officer at Corvus, stated, "Attackers are focused on finding the path of least resistance into a business to launch an attack, and in Q3 that entry point was the VPN. As we look forward, businesses must strengthen defenses with multi-layered security approaches that extend beyond MFA. Today, MFA is mere table stakes and must be complemented with secure access controls capable of shoring up these current and future areas of vulnerability."

The report details that 40% of Q3's attacks were attributed to five groups: RansomHub, PLAY, LockBit 3.0, MEOW, and Hunters International. Among these, RansomHub emerged as the most active group, with a substantial rise in incidents compared to the previous quarter.

The overall ransomware ecosystem has become more distributed, with a total of 59 groups identified by the end of the quarter. This marks an expansion in the criminal landscape, suggesting that new entrants could potentially disrupt and complicate existing defensive measures. Since its emergence in February 2024, RansomHub has claimed more than 290 victims and has swiftly become a significant player following the takedown of LockBit in Q1.

The construction industry was notably affected, remaining the most targeted sector with 83 reported victims in Q3, a 7.8% increase from 77 in Q2. Healthcare organisations also witnessed a surge in ransomware incidents, experiencing a 12.8% increase to 53 reported victims from 42 in the previous quarter.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X