According to the June Cyber Threat Intelligence Report from Flashpoint, there were 475 observed ransomware attacks in June 2023. Leading the way were LockBit with 97 and Clop with 91. The nearest challenger to these two was BlackCat, with just 41. It shows how prevalent these two have become and how effective their infection rates are.
When it comes to target industries, the most targeted are Internet Software & Services (18.9%) and Construction and Engineering (16.93%). Interestingly, despite the FBI's stance on paying ransoms, the US is still the most targeted nation, with 226 reported attacks. That is almost 50% of all reported attacks.
Remote execution leads vulnerability exploitation
There is increasing concern over the rate of new vulnerabilities being announced and how they are exploited. Flashpoint reports that over 53% of last month’s vulnerabilities could be exploited remotely. It means that organisations and individuals can be attacked from around the globe. 622 of the vulnerabilities already had an exploit in the wild. To add to this, 73% (1,342) already had a solution in place.
The top four vendors targeted were Canonical, Google, Microsoft and SUSE. The top four products were Ubuntu, Google Pixel, Pixel Watch and Debian Linux. The focus on the Pixel products suggests a coordinated campaign to identify weaknesses.
The numbers show a bigger challenge. For example, of the 1,828 new vulnerabilities reported, 395 (21%) were missed by the CVE and NVD reporting databases. It means that for those organisations that rely on those sources to inform their security teams, there were weaknesses in the intelligence.
With so many vulnerabilities, some organisations will wonder how they are supposed to deal with them. Flashpoint suggests that the issue is not nearly as bad as thought. Focusing on actionable, high-severity vulnerabilities will reduce workload by 87%. It’s worth thinking about.
Enterprise Times: What does this mean?
This data misses any correlation between the number of successful ransomware attacks and the number of vulnerabilities. It would have been interesting to see how quickly new vulnerabilities were being exploited, and how many ransomware attacks could have been prevented by installing existing solutions.