Cybersecurity

No summer relief from ransomware attacks, NCC Group study finds

“We will continue to see higher numbers for the rest of the year,” NCC Group head of threat intelligence told IT Brew.
article cover

Francis Scialabba

3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

New research from security company NCC Group indicates that the rise in ransomware attacks this year didn’t slow down for summer.

There were 502 attacks in July, up 154% from the previous year, according to research the group published August 22.

Even without the spike in MOVEit attacks by hacking gang Cl0p, which perpetrated 171 of the attacks in July, the total was still up 53% year over year, according to NCC researcher Matt Hull.

“It’s highly inflated numbers, but it doesn’t change that general trend across the board for the year,” Hull told IT Brew.

The MOVEit vulnerability was patched in mid-June, but Hull assumes adoption likely lagged. He told IT Brew in an email after the interview that while attacks in August were twice as high as in August 2022, they “much lower than July.”

Findings, by the numbers:

  • The industrial sector continues to be hardest hit by ransomware threat actors, accounting for 155 (31% of) attacks in July
  • Consumer cyclicals, most notably the hotel and entertainment industries, media, and retail, accounted for 79 (16% of) attacks
  • Technology, primarily software and IT, was the target of 72 (14% of) attacks
  • Threat actors overwhelmingly targeted North America in July, with 55% of the attacks
  • Cl0p led July with 34% of July’s attacks; LockBit 3.0 attacks declined 17% month over month and represented 10% of attacks in July

The ruckus. As IT Brew previously reported, there was a slight lull in ransomware incidents in 2022, due in part to the war in Ukraine.

In 2023, though, attacks are largely up across the board. Hull thinks that’s not going to change anytime soon, telling IT Brew that absent major upheaval, attacks will continue to increase.

“I see that trend continuing—in simple terms, we will continue to see higher numbers for the rest of the year,” Hull said, adding, “it would take something pretty significant to have a fundamental impact on it at this point.”

Cash rules everything around me. Hull noted that while more traditional sectors like industrials remain the primary target of ransomware threat actors, he has noticed an uptick in the financial sector. That might not be meaningful, as attacks on different sectors ebb and flow from month to month, but it’s worth watching, he told us.

“Financial services has been heavily regulated now for 15, 20, if not 30 years,” Hull said. “And what’s come with that is there’s a number of frameworks around the globe, which mean that financial services have to employ good security budgets, good security measures, and they are regulated…that has made those types of organizations harder targets.”

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.