Attackers Targeting VPNs Account for 28.7 Percent of Ransomware Incidents in Q3 According to Corvus Insurance Cyber Threat Report
Attackers Targeting VPNs Account for 28.7 Percent of Ransomware Incidents in Q3 According to Corvus Insurance Cyber Threat Report
"Attackers are focused on finding the path of least resistance into a business to launch an attack, and in Q3 that entry point was the VPN," said Ransomware Activity for Q3 2024 Dominated by Established Groups including RansomHub, PLAY and LockBit 3.0
2024年第三季度的勒索软件活动主要被包括RansomHub、PLAY和LockBit 3.0在内的成熟团体主导。
BOSTON, Nov. 20, 2024 /PRNewswire/ -- Corvus Insurance, a wholly owned subsidiary of The Travelers Companies, Inc., today released its Q3 2024 Cyber Threat Report, The Ransomware Ecosystem is Increasingly Distributed, which showed that attackers leveraging virtual private network (VPN) vulnerabilities and weak passwords for initial access contributed to nearly 30% of ransomware attacks.
波士顿,2024年11月20日 /PRNewswire/ -- Corvus 保险, 是一家完全拥有的子公司,隶属于旅行者公司,今天发布了其2024年第三季度网络威胁报告, 勒索软件生态系统正变得越来越分散该报告显示,利用虚拟私人网络(vpn)漏洞和弱密码进行初步访问的攻击者占到了近30%的勒索软件攻击。
According to the Q3 report, many of these incidents were traced to outdated software or VPN accounts with inadequate protection. For example, common usernames such as "admin" or "user" and a lack of multi-factor authentication (MFA) made accounts vulnerable to automated brute-force attacks, where attackers exploit publicly accessible systems by testing combinations of these weak credentials, frequently achieving network access with minimal effort.
根据第三季度的报告,许多此类事件被追溯到过时的软件或保护不足的vpn账户。例如,像"admin"或"user"这样的常用用户名以及缺乏多因素身份验证(MFA)使账户容易受到自动暴力攻击的威胁,攻击者通过测试这些弱凭据的组合来利用公共可访问的系统,通常能以最小的努力获得网络访问。
"Attackers are focused on finding the path of least resistance into a business to launch an attack, and in Q3 that entry point was the VPN," said Jason Rebholz, Chief Information Security Officer at Corvus. "As we look forward, businesses must strengthen defenses with multi-layered security approaches that extend beyond MFA. Today, MFA is mere table stakes and must be complemented with secure access controls capable of shoring up these current and future areas of vulnerability."
"攻击者专注于寻找进入业务的最低阻力路径以发起攻击,在第三季度,这一进入点是vpn," Corvus首席信息安全官Jason Rebholz表示。"展望未来,企业必须通过多层安全方法来加强防御,这些方法不仅仅限于MFA。今天,MFA仅仅是基础,必须配合能够弥补当前和未来脆弱区域的安全访问控制。"
The Ransomware Ecosystem
Using data collected from ransomware leak sites, Corvus identified 1,248 victims in Q2, marking the highest number the company has recorded in any second quarter. This level of activity persisted in Q3, when there were 1,257 attacks.
勒索软件生态系统
根据从勒索软件泄露网站收集的数据,Corvus在第二季度识别出1,248名受害者,创下了公司在任何第二季度记录的最高数量。这种活动水平在第三季度持续,攻击数量达到1,257次。
Forty percent of the Q3 attacks can be traced to five groups: RansomHub, PLAY, LockBit 3.0, MEOW and Hunters International. Of these five, RansomHub was the most active in the quarter, with 195 reported victims (up 160% over Q2), while activity from LockBit 3.0 fell sharply, from 208 victims in Q2 to 91 in Q3.
第三季度的攻击中,有40%的来源可以追溯到五个团体:RansomHub、PLAY、LockBit 3.0、MEOW和Hunters International。在这五个团体中,RansomHub在本季度最为活跃,共报告195名受害者(较第二季度上涨160%),而LockBit 3.0的活动急剧下降,从第二季度的208名受害者降至第三季度的91名。
While the sources behind many of these attacks were relatively consolidated, the ransomware ecosystem did grow over this period, with 59 total groups identified by the end of Q3. This increase is noteworthy since new entrants can quickly become disruptive forces. For example, following law enforcement's takedown of LockBit in Q1, RansomHub, which emerged in February 2024, quickly filled the void, becoming one of the more prolific and dangerous cybercriminal groups. In 2024, RansomHub has claimed more than 290 victims across various sectors.
尽管许多攻击的来源相对集中,但在此期间,勒索软件生态系统确实增长,到第三季度末共识别出59个团体。这一增长值得注意,因为新进入者可以迅速成为破坏性力量。例如,在执法部门在第一季度取缔LockBit后,RansomHub在2024年2月迅速填补了这一空白,成为较为高产且危险的网络犯罪团体之一。在2024年,RansomHub在各个行业中声称了超过290名受害者。
Key Industry Trends: Construction Remains Most Impacted Industry in Q3
In the third quarter, the construction industry remained the most impacted sector, with 83 reported victims. That's up 7.8% from the 77 attacks reported in Q2 and was driven by ransomware groups like RansomHub, which continue to target infrastructure and related sectors. Healthcare organizations also experienced a significant increase, with 53 reported victims, up 12.8% from the 42 victims reported in Q2.
主要行业趋势:施工行业在第三季度继续受到最大影响
在第三季度,施工行业仍然是受影响最严重的板块,共报告83名受害者。这比第二季度报告的77次攻击增加了7.8%,主要是受到像RansomHub这样的勒索软件团体影响,后者继续针对制造行业及相关板块。医疗机构的受害者也显著增加,共报告53名受害者,比第二季度报告的42名受害者增加了12.8%。
To learn more, a webinar titled "Analyzing Q3 2024 Ransomware Activity" is scheduled for November 20 at 11:00 a.m. EST and will feature Corvus experts. Click HERE to register and for more information. You can also read the complete Corvus Q3 2024 Cyber Threat Report HERE.
想了解更多信息,题为"分析2024年第三季度勒索软件活动"的网络研讨会定于11月20日上午11:00(东部标准时间)举行,届时将有Corvus专家参加。点击 这里 注册和获取更多信息。您还可以阅读完整的Corvus 2024年第三季度网络威胁报告。 这里.
About Corvus Insurance
Corvus Insurance is building a safer world through insurance products and digital tools that reduce risk, increase transparency, and improve resilience for policyholders and program partners. Our market-leading specialty insurance products are enabled by advanced data science and include Smart Cyber Insurance and Smart Tech E+O. Our digital platforms and tools enable efficient quoting and binding and proactive risk mitigation. Corvus Insurance offers insurance products in the U.S., Middle East, Europe, Canada, and Australia. Corvus Insurance, Corvus London Markets, and Corvus Germany are the marketing names used to refer to Corvus Insurance Agency, LLC; Corvus Agency Limited; and Corvus Underwriting GmbH. All entities are subsidiaries of Corvus Insurance Holdings, Inc. Corvus Insurance, a wholly owned subsidiary of The Travelers Companies, Inc., was founded in 2017 and is headquartered in Boston, Massachusetts with offices across the U.S., in the UK, and Germany. For more information, visit corvusinsurance.com.
关于Corvus保险
Corvus Insurance is building a safer world through insurance products and digital tools that reduce risk, increase transparency, and improve resilience for policyholders and program partners. Our market-leading specialty insurance products are enabled by advanced data science and include Smart Cyber Insurance and Smart Tech E+O. Our digital platforms and tools enable efficient quoting and binding and proactive risk mitigation. Corvus Insurance offers insurance products in the U.S., Middle East, Europe, Canada, and Australia. Corvus Insurance, Corvus London Markets, and Corvus Germany are the marketing names used to refer to Corvus Insurance Agency, LLC; Corvus Agency Limited; and Corvus Underwriting GmbH. All entities are subsidiaries of Corvus Insurance Holdings, Inc. Corvus Insurance, a wholly owned subsidiary of The Travelers Companies, Inc., was founded in 2017 and is headquartered in Boston, Massachusetts with offices across the U.S., in the Uk, and Germany. For more information, visit corvusinsurance.com.
Contact:
Kerry Pillion
[email protected]
联系方式:
凯里·皮利恩
[email protected]
SOURCE Corvus Insurance
来源:Corvus 保险
WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?
想要您公司的新闻在PRNEWSWIRE.COM上特色呈现吗?
