In the second quarter of 2023, the average volume of cyber attacks per week reached a peak not seen in two years. Check Point Research (CPR) conducted an analysis revealing an 8% increase in attack frequency during Q2, with organizations worldwide facing an average of 1,258 attacks every week.
This surge can be attributed to the emergence of new evasive tactics, alongside a rise in hacktivist-based attacks and increased activity from ransomware groups, according to CPR.
Despite a decrease in attacks compared to the previous year, the education and research sector remained the most targeted industry in Q2, as highlighted by CPR.
On average, organizations experienced 2,179 attacks each, indicating a 6% decrease from the same period in 2022.
Academic institutions in the UK have been heavily targeted this year, with the University of Manchester experiencing a disruptive cyber attack in June, resulting in the exposure of research data belonging to more than 1.1 million NHS patients.
The healthcare industry has consistently been a primary target for cyber criminals, with a significant year-on-year increase in attacks during Q2. Organizations in this sector faced an average of 1,744 attacks per week, marking a 30% YoY increase.
Recently, the ALPHV ransomware gang targeted Barts NHS Trust, a provider serving over 2.5 million patients across multiple hospitals. The group claimed to have stolen 70 terabytes of data, making it the largest breach of healthcare data in the UK.
Growing Concerns About Ransomware Resurgence Security researchers have expressed concerns regarding the increasing activity of high-profile ransomware groups. FlashPoint’s alternative analysis revealed that LockBit and Cl0p accounted for almost 40% of all recorded ransomware attacks in June, with approximately 47.5% of these attacks specifically targeting US-based organizations.
Both groups have been exceptionally aggressive in recent weeks, with Cl0p taking responsibility for the damaging MOVEit supply chain attack. The file transfer platform is widely used by organizations globally, impacting several UK firms such as British Airways, Boots, and the BBC. The incident further triggered a chain of attacks worldwide following a breach at HR and payroll provider, Zellis.
LockBit has also been actively involved, targeting a third-party supplier for Taiwanese chipmaker TSMC. The group listed the chipmaker on its dark web blog and demanded a ransom of $70 million, one of the largest ever recorded.
The increase in LockBit attacks highlighted by FlashPoint raises concerns for healthcare organizations. Historically, this ransomware group has targeted entities operating in the healthcare sector. Last year, they claimed responsibility for an attack on a French hospital, resulting in the leak of sensitive patient data when their $10 million ransom demand was rejected.
These observations regarding leading ransomware organizations coincide with a general rise in attacks across the industry. A report published earlier this month noted a 48% YoY increase in attacks. Additionally, Chainalysis’ annual Crypto Crime report highlighted that ransomware affiliates have returned to targeting larger organizations.
Underrated Vulnerabilities In addition to the surge in cyber attacks, FlashPoint’s research highlighted a concerning trend of overlooked or missing vulnerability disclosures in June. Out of the 1,828 new vulnerabilities reported, the Common Vulnerabilities and Exposures (CVE) program missed 395. Alarmingly, over one-third (35%) of these vulnerabilities were rated high or critical, putting organizations at greater risk.
Keywords: cyber attacks, ransomware, spike, hacktivist-based attacks, ransomware groups, education and research sector, healthcare industry, UK-based academic institutions, ALPHV ransomware gang, high-profile ransomware groups, LockBit, Cl0p, MOVEit supply chain attack, Zellis, TSMC, healthcare organizations, rise in attacks, vulnerabilities, Common Vulnerabilities and Exposures (CVE) program.
Tags: cyber attacks, ransomware resurgence, education sector, healthcare industry, ransomware groups.