{"id":2244,"date":"2023-12-21T22:30:00","date_gmt":"2023-12-21T22:30:00","guid":{"rendered":"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/ransomware-attacks-in-november-rise-67-from-2022"},"modified":"2023-12-21T22:30:00","modified_gmt":"2023-12-21T22:30:00","slug":"ransomware-attacks-in-november-rise-67-from-2022","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/12\/21\/ransomware-attacks-in-november-rise-67-from-2022\/","title":{"rendered":"Ransomware Attacks in November Rise 67% From 2022"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/blt850556f866500627\/654a5a8e05eb4d040a046894\/325351_DR23_Graphics_General_Large_Text_v1.png?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ransomware-attacks-in-november-rise-67-from-2022.png?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ransomware-attacks-in-november-rise-67-from-2022.png?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<div data-component=\"basic-list\" class=\"BasicList BasicList_nestedLevel_0 BasicList_variant_unordered BasicList_limited\">\n<ul data-testid=\"basic-list-unordered\" class=\"BasicList-UnorderedList\">\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Total ransomware cases up 30% from October<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"7.5\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"10\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Industrials (33%), Consumer Cyclicals (18%), Healthcare (11%), remain most targeted sectors<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6.5\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"8\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">North America (50%), Europe (30%) and Asia (10%) continue to be top three targeted regions<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<\/ul>\n<\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Global levels of ransomware attacks rose 30% in November, with a total of 442 attacks, following a lower volume of attacks in October (341) according to <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.nccgroup.com\/us\/\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">NCC Group<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">\u2019s November Threat Pulse.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">As the third most active month of the year, ransomware levels in November have taken the total number of global ransomware attacks to 4,276 cases so far, surpassing predictions that the total figure would hit 4,000 with one month of 2023 still to go.<\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\">Industrials sector continues to be hardest hit<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Following the trends witnessed across the year so far, Industrials was the most targeted sector in November, with 146 (33%) of all attacks, marking a 28% increase from October (114 attacks).<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The data reveals that Industrials continue to be prime targets for the breadth and diversity of organizations in the sector and their vast amounts of PPI and IP data. As Industrials are focused on digitalization to enhance efficiency and productivity, there is a greater risk of ransomware attacks.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Consumer Cyclicals is the second most targeted sector with 78 (18%) of attacks, with Healthcare also holding its third place spot from October with 50 (11%) of attacks. Another month of high levels of ransomware for healthcare indicates a concrete shift in the threat landscape for the sector.<\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\">LockBit remains a dominant player<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">In November, LockBit was the most active threat actor, with a 73% month-on-month increase in activity from 66 attacks recorded in October. Data from across this year shows that LockBit has maintained its position as the most prominent threat actor, except in the months March, June and July when CLOP\u2019s mass exploitation of GoAnywhere and MOVEit vulnerabilities put them in top spot.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">BackCat takes second place in November with 49 (11%) of attacks and a month-on-month increase of 58%. Play drops down from the 2<\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><sup class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_superscript\">nd<\/sup><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> most active group in October to third in November, responsible for 10% of all attacks. November\u2019s data marks the most active month for Play recorded by NCC Group. The top three threat actors in November were in total responsible for 206 (47%) of all attacks.<\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\">Ransomware attacks in Europe rise<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">As expected, Europe and North America witnessed with majority of attacks in November. Consistent with this year\u2019s trends, North America remains the most targeted region with 219 (50%) of attacks.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Ranking the second most targeted region, Europe witnessed 135 (31%) of attacks, an increase by 36 following 99 attacks in the region in October. Asia took third place with 46 (10%) attacks and overall, November saw an increase (from 3 to 7) in the number of undisclosed targets, meaning unrevealed regions.<\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\">Spotlight \u2013 The return of Carbanak<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">November saw a return of the well-known banking malware Carbanak in ransomware attacks. First emerging in 2014, Carbanak malware has been used by ransomware gangs to infiltrate financial systems by deploying advanced phishing techniques to compromise bank employees. The malware allows threat groups to gain access to networks through human entry points, and criminals to take control of payment processing services.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Carbanak\u2019s popularity had fallen until November, but last month\u2019s use of the malware returned having evolved over recent years. The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness. Carbanak retuned last month through new distribution chains and has been distributed through compromised websites to impersonate various business-related software. Imposters in November included the CRM platform HubSpot, data management software Veeam and account tool Xero.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Matt Hull, Global Head of Threat Intelligence at NCC Group said: \u201cAfter a dip in ransomware levels in October, the return to another active month in November brings the total number of ransomware attacks in 2023 beyond what we predicted. With one month of the year still to go, the total number of attacks has surpassed 4,000, which marks a huge increase from 2021 and 2022, so it will be interesting to see if ransomware levels continue to climb next year.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">\u201cAs we\u2019re nearing the end of the year, it\u2019s important for businesses to remain prepared and not become complacent. In the lead up to Christmas, ransomware groups are typically active to push profits before taking a somewhat break over the festive period. As we look to the new year, with the Industrials sector in particular remaining the most attractive sector for ransomware gangs, cybersecurity must be a key priority for the industry to improve supply chain resilience.\u201d<\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/ransomware-attacks-in-november-rise-67-from-2022\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Total ransomware cases up 30% from October Industrials (33%), Consumer<\/p>\n","protected":false},"author":12,"featured_media":2245,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-2244","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ransomware-attacks-in-november-rise-67-from-2022.png?fit=3840%2C2160&ssl=1",3840,2160,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ransomware-attacks-in-november-rise-67-from-2022.png?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ransomware-attacks-in-november-rise-67-from-2022.png?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ransomware-attacks-in-november-rise-67-from-2022.png?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ransomware-attacks-in-november-rise-67-from-2022.png?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ransomware-attacks-in-november-rise-67-from-2022.png?fit=1536%2C864&ssl=1",1536,864,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ransomware-attacks-in-november-rise-67-from-2022.png?fit=2048%2C1152&ssl=1",2048,1152,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ransomware-attacks-in-november-rise-67-from-2022.png?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ransomware-attacks-in-november-rise-67-from-2022.png?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ransomware-attacks-in-november-rise-67-from-2022.png?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ransomware-attacks-in-november-rise-67-from-2022.png?fit=3840%2C2160&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2244","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2244"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2244\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/2245"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2244"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2244"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2244"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}