Security Brief: Ransomware Groups Escalate in Q3 2024, Displaying Changing Power Dynamics




Corvus, a leading provider in cyber insurance, has released its Q3 2024 Cyber Threat Report, which investigates the evolving ransomware landscape. While the uptick in ransomware incidents comes as no surprise, the report highlights how cybercriminals are shifting towards more competitive and aggressive tactics, instead of simply waiting for the next major vulnerability to exploit.

About Security Bite: Security Bite is a weekly column focused on security issues at DMN. Each week, Arin Waichulis provides insights into data privacy, uncovers vulnerabilities, and shines a light on emerging threats within Apple’s vast ecosystem of over 2 billion active devices to help you stay safe.


Shifting dominance

Interestingly, Corvus’s latest Cyber Threat Report indicates that the ransomware threat landscape is becoming more fragmented, with 59 active groups now operating globally. This shift signals a departure from the previous dominance of major factions like LockBit 3.0, leading to a more diverse ecosystem.

This change may stem from increased law enforcement efforts targeting these larger entities. Earlier this year, the FBI, Europol, and the UK’s NCA executed successful seizures of LockBit’s infrastructure and recovered over 1,000 decryption keys for victims. Despite arrests, the LockBit group continues to operate, hence the designation “3.0.” The crackdown has left the group's partners (affiliates) apprehensive.

Ransomware groups now primarily function as RaaS (Ransomware-as-a-Service). This structure allows malware developers (or operators) to create the software while affiliates—typically less technically skilled individuals—purchase the malicious packages to target their victims. The operators manage payment processing and customer service for the victims while taking a percentage of the ransom collected.

With authorities successfully dismantling significant players, affiliated criminals are increasingly cautious about their partnerships. They are now inclined to choose groups with no history of setbacks. When authorities take down major operators, they often access internal systems, admin panels, and communication channels, posing significant risks for the affiliates. Investigations can uncover operational specifics, cryptocurrency transactions, and potentially expose the affiliates’ identities.

This evolving situation appears to drive affiliates toward smaller, more nimble ransomware operations.

Newer entities like RansomHub, which experienced a 160% rise in victims, demonstrate this shift in preferences among affiliates. These smaller organizations can attract more partners by offering competitive terms and enhanced security through targeted operations.

Key highlights from the report include:

  • Ransomware attacks increased slightly to 1,257 victims in Q3
  • New player RansomHub emerged as the most active, claiming 195 victims
  • Heightened targeting of the Construction and Healthcare sectors
  • 28.7% of attacks exploited VPN vulnerabilities
  • 75% of organizations do not have sufficient multi-factor authentication

Corvus compiles data anonymously from claims and other resources.
