Ransomware attacks in June increased 221% year-over-year to reach a monthly record of 434, according to analysis by the NCC Group’s Global Threat Intelligence Team.
The IT security firm said Clop’s targeting of global organizations via MOVEit flaws, the “consistently high level” of activity by groups such as Lockbit 3.0, and the emergence of new groups since May have pushed the numbers up. claimed to have been promoted.
In a classic supply chain attack, Clop exploited CVE-2023-34362, a SQL injection zero-day vulnerability in popular managed file transfer software MOVEit, causing one-fifth (21%) of activity last month .
MOVEit Details: Clop Ransom Gang Compromises High-profile Companies Via MOVEit Flaws.
LockBit 3.0 accounted for 14% of ransomware attacks during the same period, down 21% from the previous month. But the group remains the most prolific group of 2023 so far.
In June, a new group, 8base, first discovered in May, rapidly increased its activity. This attack has been involved in her 40 attacks, making him 9% of all attacks recorded by the NCC group. His two other groups, Rhysida and Darkrace, first spotted in May, contributed to 17 and her nine attacks, respectively.
Unsurprisingly, North America once again had the highest number of casualties (51%), followed by Europe (27%) and Asia (9%).
Industry was the most targeted sector in June, accounting for a third of victims, followed by consumer goods (12%) and technology (11%), according to the NCC Group.
Matt Hull, the company’s global head of threat intelligence, argued that the threat landscape continues to evolve.
“Family-known players such as Lockbit 3.0 show no signs of slowing down, newer groups such as 8base and Rhysida have demonstrated their capabilities, and Clop has reported its second major vulnerability in just three months. exploited,” he claimed.
“It is imperative that organizations stay vigilant and adapt their security measures to stay one step ahead. We strongly recommend that you apply the latest patch.”
This week, Estée Lauder emerged as the Klopp group’s latest victim, but security researchers claimed the Alphv/BlackCat group also compromised the cosmetics giant.
