The LockBit ransomware gang was found to be the most active in terms of total victims from January to May 2023 and developed an encryption program specifically targeting Macs.
According to the Acronis 2023 Mid-Term Cyber Threat Report, LockBit had a total of 280 known victims (49% of the total surveyed), including the Los Angeles City Housing Authority (HACLA), Aguas do Porto, and Wabtec Corporation.
Clop followed with 106 (19%), BlackCat/ALPHV with 74 (13%), Royal with 68 (12%) and Play with 43 (7%).
In its analysis, Acronis noted that the LockBit gang created the first Mac-targeted encryption program, making it one of the first large-scale ransomware operations to specifically target macOS.
“Macs are so widely used in some countries, especially the United States, that we can expect devastating ransomware attacks in the future, but many still believe they are effectively immune to malware. of Mac users would be an unwelcome surprise,” said the report.
The report also notes that while ransomware variants are declining, businesses continue to lose data and money.
“Ransomware gangs still break into businesses around the world with considerable ease, and continue to exploit popular legitimate tools even after they have compromised systems,” the report states.
Email attacks
The report also found that 2023 saw a staggering 464% increase in the number of confirmed email attacks compared to the first half of 2022.
In Q1 2023, 30.3% of all emails received were spam and 1.3% contained malware or phishing links. Phishing remains one of the tools of choice for cybercriminals today.
Acronis also observed a new phishing campaign targeting US taxpayers by spoofing W-9 tax forms allegedly sent by the Internal Revenue Service and business partners. This campaign distributes Emotet.
Another new phishing campaign Acronis observed targets users of cryptocurrency hardware wallet company Trezor.
In an overview of the email phishing threat, Acronis emphasized the importance of anti-phishing defenses and strong authentication along with a holistic multi-layered approach to cybersecurity.
“If phishing threats are not blocked immediately, it is important to deploy other detection technologies that can stop them later in the malware cycle,” says the report.
AI-powered cybercriminals
Cybercriminals are often reported to be using AI and existing ransomware code to become more sophisticated in their attacks, including digging deeper into victims’ systems to extract sensitive information.
The report notes that AI-generated phishing emails are already out there.
“In classic CEO fraud and business email compromise (BEC) fraud, AI can also answer potential questions, greatly reducing the effort of attackers,” says the report.
Acronis said the number of official ransomware incidents has exploded since last year, as AI-generated malware evades detection by traditional antivirus models.
Despite AI making it easier for attackers to generate malware, Acronis notes that the malware it creates is “not very sophisticated.”
“Thus, it is unlikely that large APT groups will jump on this bandwagon anytime soon. Of course, the model will continue to be refined in the future,” said the report.