We are now past the threshold of the New Year, and it allows us to see how things would kick off in terms of cybersecurity. Thankfully, it would seem that most threat actors took the holiday off to celebrate, just as I or anyone else would. However, that was not 100% the case, as a few companies were seemingly breached and had data published. Namely, a training provider company out of England named Aspiration Training was the first company to be published.
With that in mind, we are brought nicely to the next topic of 2023 in review:
Ransomware and Data Breaches
Besides AI/ML, it seems the other hot topic of 2023 was ransomware and data breaches, which makes sense. According to Ransomwatch, a handy site to see the latest postings from threat actor groups, there were 4,769 posts in 2023. While not all of these are ransomware cases, and there may also be duplicates or reposts, it still shows that there were a significant number of incidents.
As of August 2023, it was reported that of some 1900 ransomware attacks worldwide, the United States was fronting 43% of them. Moreover, there was a 75% increase in the average number of monthly attacks in the US between the first and second half of the 12 months prior to August. Around that time, it appeared that the Cl0p ransomware gang was taking the lead in the number of breaches after spraying and praying exploits for the MOVEit vulnerability. Since then, that vulnerability appears to have been used less frequently, and that group has fallen by the wayside, with a rise in BlackCat or ALPHV.
BlackCat, or ALPHV, was the group behind the Reddit breach and several other high-profile attacks. With this level of sophistication and bravado, the group was sure to draw the attention of the authorities who have recently seized the group’s website. While this has seemingly slowed or stopped the attacks, many decryption keys are reportedly in the wind, and we now may be faced with a BlackCat merger with threat actor group LockBit to form a more formidable threat.
Setting aside that concern for a moment, we have seen some good things come out of the rise in ransomware attacks and data breaches in 2023. Specifically, an alliance of nearly 40 countries, spearheaded by the United States, coming together to sign an agreement to not pay ransom to cybercriminals is a huge step forward. Between this, the pressures put on cryptocurrency, and other measures set to help curb ransomware, the business model is becoming harder to sustain. However, that does not mean impossible…
In 2024, I would expect that we see a rise in attacks against the healthcare industry as well as perhaps even critical infrastructure. Regardless of whether this comes to fruition or not, it should serve as a time to pause and assess these systems’ security as they are not only targets for money-hungry thieves but potential nation-state adversaries in war. This is of particular concern given the instability in several areas of the world, including Russia, the Middle East, and the South China Sea. The next war that the United States will face will not likely be fought as much in the physical domain as it would be in the domain of cyberspace.
While we are not wholly seeing this with the war in Ukraine, some things are occurring that act as indicators for this, such as attacks on infrastructure and information. Besides that, we are also seeing rising concerns of foreign intelligence gathering and security backdoors into the United States’ services, such as what was indicated by a mid-2023 letter from the United States House of Representatives Select Committee On The Chinese Communist Party.
I digress, but there are many concerns regarding national security and technology, not least of which are rooted in our critical infrastructure. This starts with ransomware, which, if we see a rise in attacks, should serve as an early warning of what’s to come for cybersecurity professionals globally.