Attackers Targeting VPNs Account for 28.7 Percent of Ransomware Incidents in Q3 According to Corvus Insurance Cyber Threat Report
Attackers Targeting VPNs Account for 28.7 Percent of Ransomware Incidents in Q3 According to Corvus Insurance Cyber Threat Report
"Attackers are focused on finding the path of least resistance into a business to launch an attack, and in Q3 that entry point was the VPN," said Ransomware Activity for Q3 2024 Dominated by Established Groups including RansomHub, PLAY and LockBit 3.0
2024年第三季度的勒索軟件活動主要被包括RansomHub、PLAY和LockBit 3.0在內的成熟團體主導。
BOSTON, Nov. 20, 2024 /PRNewswire/ -- Corvus Insurance, a wholly owned subsidiary of The Travelers Companies, Inc., today released its Q3 2024 Cyber Threat Report, The Ransomware Ecosystem is Increasingly Distributed, which showed that attackers leveraging virtual private network (VPN) vulnerabilities and weak passwords for initial access contributed to nearly 30% of ransomware attacks.
波士頓,2024年11月20日 /PRNewswire/ -- Corvus 保險, 是一家完全擁有的子公司,隸屬於旅行者公司,今天發佈了其2024年第三季度網絡威脅報告, 勒索軟件生態系統正變得越來越分散該報告顯示,利用虛擬私人網絡(vpn)漏洞和弱密碼進行初步訪問的攻擊者佔到了近30%的勒索軟件攻擊。
According to the Q3 report, many of these incidents were traced to outdated software or VPN accounts with inadequate protection. For example, common usernames such as "admin" or "user" and a lack of multi-factor authentication (MFA) made accounts vulnerable to automated brute-force attacks, where attackers exploit publicly accessible systems by testing combinations of these weak credentials, frequently achieving network access with minimal effort.
根據第三季度的報告,許多此類事件被追溯到過時的軟件或保護不足的vpn帳戶。例如,像"admin"或"user"這樣的常用用戶名以及缺乏多因素身份驗證(MFA)使帳戶容易受到自動暴力攻擊的威脅,攻擊者通過測試這些弱憑據的組合來利用公共可訪問的系統,通常能以最小的努力獲得網絡訪問。
"Attackers are focused on finding the path of least resistance into a business to launch an attack, and in Q3 that entry point was the VPN," said Jason Rebholz, Chief Information Security Officer at Corvus. "As we look forward, businesses must strengthen defenses with multi-layered security approaches that extend beyond MFA. Today, MFA is mere table stakes and must be complemented with secure access controls capable of shoring up these current and future areas of vulnerability."
"攻擊者專注於尋找進入業務的最低阻力路徑以發起攻擊,在第三季度,這一進入點是vpn," Corvus首席信息安全官Jason Rebholz表示。"展望未來,企業必須通過多層安全方法來加強防禦,這些方法不僅僅限於MFA。今天,MFA僅僅是基礎,必須配合能夠彌補當前和未來脆弱區域的安全訪問控制。"
The Ransomware Ecosystem
Using data collected from ransomware leak sites, Corvus identified 1,248 victims in Q2, marking the highest number the company has recorded in any second quarter. This level of activity persisted in Q3, when there were 1,257 attacks.
勒索軟件生態系統
根據從勒索軟件泄露網站收集的數據,Corvus在第二季度識別出1,248名受害者,創下了公司在任何第二季度記錄的最高數量。這種活動水平在第三季度持續,攻擊數量達到1,257次。
Forty percent of the Q3 attacks can be traced to five groups: RansomHub, PLAY, LockBit 3.0, MEOW and Hunters International. Of these five, RansomHub was the most active in the quarter, with 195 reported victims (up 160% over Q2), while activity from LockBit 3.0 fell sharply, from 208 victims in Q2 to 91 in Q3.
第三季度的攻擊中,有40%的來源可以追溯到五個團體:RansomHub、PLAY、LockBit 3.0、MEOW和Hunters International。在這五個團體中,RansomHub在本季度最爲活躍,共報告195名受害者(較第二季度上漲160%),而LockBit 3.0的活動急劇下降,從第二季度的208名受害者降至第三季度的91名。
While the sources behind many of these attacks were relatively consolidated, the ransomware ecosystem did grow over this period, with 59 total groups identified by the end of Q3. This increase is noteworthy since new entrants can quickly become disruptive forces. For example, following law enforcement's takedown of LockBit in Q1, RansomHub, which emerged in February 2024, quickly filled the void, becoming one of the more prolific and dangerous cybercriminal groups. In 2024, RansomHub has claimed more than 290 victims across various sectors.
儘管許多攻擊的來源相對集中,但在此期間,勒索軟件生態系統確實增長,到第三季度末共識別出59個團體。這一增長值得注意,因爲新進入者可以迅速成爲破壞性力量。例如,在執法部門在第一季度取締LockBit後,RansomHub在2024年2月迅速填補了這一空白,成爲較爲高產且危險的網絡犯罪團體之一。在2024年,RansomHub在各個行業中聲稱了超過290名受害者。
Key Industry Trends: Construction Remains Most Impacted Industry in Q3
In the third quarter, the construction industry remained the most impacted sector, with 83 reported victims. That's up 7.8% from the 77 attacks reported in Q2 and was driven by ransomware groups like RansomHub, which continue to target infrastructure and related sectors. Healthcare organizations also experienced a significant increase, with 53 reported victims, up 12.8% from the 42 victims reported in Q2.
主要行業趨勢:施工行業在第三季度繼續受到最大影響
在第三季度,施工行業仍然是受影響最嚴重的板塊,共報告83名受害者。這比第二季度報告的77次攻擊增加了7.8%,主要是受到像RansomHub這樣的勒索軟件團體影響,後者繼續針對製造行業及相關板塊。醫療機構的受害者也顯著增加,共報告53名受害者,比第二季度報告的42名受害者增加了12.8%。
To learn more, a webinar titled "Analyzing Q3 2024 Ransomware Activity" is scheduled for November 20 at 11:00 a.m. EST and will feature Corvus experts. Click HERE to register and for more information. You can also read the complete Corvus Q3 2024 Cyber Threat Report HERE.
想了解更多信息,題爲"分析2024年第三季度勒索軟件活動"的網絡研討會定於11月20日上午11:00(東部標準時間)舉行,屆時將有Corvus專家參加。點擊 這裏 註冊和獲取更多信息。您還可以閱讀完整的Corvus 2024年第三季度網絡威脅報告。 這裏.
About Corvus Insurance
Corvus Insurance is building a safer world through insurance products and digital tools that reduce risk, increase transparency, and improve resilience for policyholders and program partners. Our market-leading specialty insurance products are enabled by advanced data science and include Smart Cyber Insurance and Smart Tech E+O. Our digital platforms and tools enable efficient quoting and binding and proactive risk mitigation. Corvus Insurance offers insurance products in the U.S., Middle East, Europe, Canada, and Australia. Corvus Insurance, Corvus London Markets, and Corvus Germany are the marketing names used to refer to Corvus Insurance Agency, LLC; Corvus Agency Limited; and Corvus Underwriting GmbH. All entities are subsidiaries of Corvus Insurance Holdings, Inc. Corvus Insurance, a wholly owned subsidiary of The Travelers Companies, Inc., was founded in 2017 and is headquartered in Boston, Massachusetts with offices across the U.S., in the UK, and Germany. For more information, visit corvusinsurance.com.
關於Corvus保險
Corvus Insurance is building a safer world through insurance products and digital tools that reduce risk, increase transparency, and improve resilience for policyholders and program partners. Our market-leading specialty insurance products are enabled by advanced data science and include Smart Cyber Insurance and Smart Tech E+O. Our digital platforms and tools enable efficient quoting and binding and proactive risk mitigation. Corvus Insurance offers insurance products in the U.S., Middle East, Europe, Canada, and Australia. Corvus Insurance, Corvus London Markets, and Corvus Germany are the marketing names used to refer to Corvus Insurance Agency, LLC; Corvus Agency Limited; and Corvus Underwriting GmbH. All entities are subsidiaries of Corvus Insurance Holdings, Inc. Corvus Insurance, a wholly owned subsidiary of The Travelers Companies, Inc., was founded in 2017 and is headquartered in Boston, Massachusetts with offices across the U.S., in the Uk, and Germany. For more information, visit corvusinsurance.com.
Contact:
Kerry Pillion
[email protected]
聯繫方式:
凱里·皮利恩
[email protected]
SOURCE Corvus Insurance
來源:Corvus 保險
