Check Point Finds 48 Ransomware Groups Have Breached Some 2,200 Victims in First Half of 2023

In the first six months of this year, a surge in ransomware saw 48 groups successfully attack some 2,200 victims, with Lockbit3 being the most active crew, Check Point said in a newly released report.

The figure amounted to a 20% increase in victims compared to the same period last year, according to data in the cybersecurity protector’s 2023 Mid-Year Security Report. The findings are based on data drawn from the Check Point ThreatCloud Cyber-Threat Map, which looks at the key tactics cybercriminals are using to carry out their attacks.

The report uncovered an 8% surge in global weekly cyberattacks in the second quarter of this year, the largest increase in two years. Attackers have combined next-gen artificial intelligence technologies with tools such as USB devices to conduct cyberattacks, Check Point said.

Data Theft, Hacktivism on the Rise

Key findings from the report include:

  • Ransomware groups are exploiting vulnerabilities in commonly used corporate software and shifting their approach from data encryption to data theft.
  • USB Devices have resurfaced as significant threats, with both state-affiliated groups and cybercriminals deploying USB drives as vectors for infecting organizations globally.
  • Hacktivism has seen a rise, with politically motivated groups launching attacks on selected targets.
  • Artificial intelligence misuse has amplified, with generative AI tools being used to craft phishing emails, keystroke monitoring malware, and basic ransomware code, calling for stronger regulatory measures.
  • The emergence of new groups like Royal and Play is associated with the termination of Hive and Conti Ransomware-as-a-Service (RaaS) groups.
  • By geography, 45% of victims are in the U.S., with an unexpected rise in Russian entities due to the novel actor "MalasLocker", which substitutes ransom demands with charitable donations.
  • The manufacturing and retail sectors have seen the most victims, suggesting a shift in ransomware attack strategy.

Maya Horowitz, Check Point research vice president, explained that criminal activities have continued to rise in the first half of this year

"Familiar threats such as ransomware and hacktivism have evolved further, with threat groups modifying their methods and tools to infect and affect organizations worldwide. Even legacy technology such as USB storage devices, which have long been gathering dust in desk drawers, have gained popularity as a malware messenger.

"Organizations need to build a cyber resiliency strategy and strengthen their defenses by adopting a prevention-first, integrated approach to cyber security. Cyberattacks are inevitable but can be largely prevented by proactive measures and the right security technologies."

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.