Average Indian firm hit by 2,152 cyber-attacks, 20% up YoY: Report

The average number of attacks per organisation in India reached 2,152 in the first half of 2023, indicating a y-o-y increase of 20%, according to a report published on Saturday.

In H1 2023, 48 ransomware groups were traced, said the report by cyber security and research firm Check Point Research, which added that with Lockbit3 was the most active ransomware during that period.

Besides, the emergence of new groups like Play is associated with the termination of Hive and Conti Ransomware-as-a-Service (RaaS) groups, it said. For example, this group, responsible for cyber-attacks against the city of Oakland, an attack on the Judiciary of Córdoba in Argentina and on the German chain H-Hotels, is targeting security managed service providers to gain initial access and using up to a half-decade-old vulnerabilities in security appliances.

“Criminal activities have continued to rise in the first half of the year, with an 8% surge in global weekly cyber-attacks in the second quarter marking the highest volume in two years,” Maya Horowitz, VP Research at Check Point Software.

“Even legacy technology such as USB storage devices, which have long been gathering dust in desk drawers, have gained popularity as a malware messenger" Horowitz added.

The manufacturing and retail sectors have seen the most victims, suggesting a shift in ransomware attack strategy.

“Ransomware groups have stepped up their game, exploiting vulnerabilities in commonly used corporate software and shifting their approach from data encryption to data theft,” the report mentioned.

Notably, USB devices have resurfaced as significant threats, with both state-affiliated groups and cybercriminals deploying USB drives as vectors for infecting organisations globally.

The report further said that artificial intelligence (AI) misuse has amplified, with generative AI tools being used to craft phishing emails, keystroke monitoring malware, and basic ransomware code, calling for stronger regulatory measures, according to the report.

To be sure, another report published last week also noted that despite ransomware cases showing slight decline volume and impact of targeted attacks are on the rise. Cybersecurity firm Fortinet has found that cyber criminals are now more targeted with their attacks, choosing to infect high-value companies over individual users.

“In recent years, more sophisticated attackers have shifted to targeted ransomware approaches in search of bigger payouts. These attackers target very specific organisations based on their ability  to pay large ransoms, using customised tactics, techniques and procedures,” Derek Manky, Chief Security Strategist & Global VP Threat Intelligence, FortiGuard Labs, said.

According to researchers from cyber security firm CyberArk, these attackers are very creative, often going to great lengths to understand a victim’s technology stack so they can identify and exploit vulnerabilities, while pinpointing the most valuable data to encrypt and hold for ransom.

John Shier, field CTO at Sophos believes while cyber security teams are becoming more proficient at detecting threats, attackers are also augmenting their strategies. 

The result, as noted by a report published on Thursday, showed that even though “dwell times”, which marks the time from when an attack begins to when it is detected, dropped a two-percentage point, newer and more sophisticated cyber threats continue to evolve, as threat actors are accelerating attacks and adopting new techniques.