The Public Sector’s Troubled Relationship to Ransomware in 2023: A Year in Review

By Ram Movva, CEO at Securin [ Join Cybersecurity Insiders ]
By Ram Movva, CEO at Securin

This past year showed us that the ransomware landscape is only getting increasingly sophisticated. This can be seen through ransomware attacks steadily increasing scale, frequency, cost and impact. In fact, 2023 broke the record in ransomware payouts, exceeding $1 billion globally; a stark increase from the $567 million in ransomware payouts seen in 2022.

Securin’s 2023 Year in Review: Ransomware Report, analyzed the 230,648 Common Vulnerabilities and Exposures (CVEs) listed in the National Vulnerability Database (NVD), prioritizing them on severity, affected systems, and vulnerability characteristics. Below are some of the key findings and themes from this year’s report.

Ransomware is on the rise 

The public sector has seen its fair share of breaches and ransomware attacks throughout 2023. The MGM Resorts breach is a prime example as the Scattered Spider ransomware group utilized BlackCat/ALPHV-developed ransomware to gain access to all the resort’s websites and mobile app. Furthermore, they shut down digital hotel room keys, took slot machines offline, and gained access to guests’ personal information.

Two other notable breaches were orchestrated by the Cl0p ransomware group. Cl0p exploited a zero-day vulnerability within Fortra GoAnywhere Managed File Transfer (vulnerability identified as CVE-2023-0669) resulting in 2095 organizations being affected. The MOVEit Transfer breach (vulnerability identified as CVE-2023-34362) was also notably carried out by Cl0p, which compromised over 1,000 organizations and affected more than 60 million individuals.

The public sector also includes government services as well as public goods. This means that as we enter 2024, if we do not continue to evolve with the ransomware landscape and learn from the breaches that took place in 2023; then further sections of the public sector such as the military, infrastructure, public education, law enforcement, public transit, and healthcare are all at risk of a ransomware attack.

New Year, New Threats  

Securin’s report identified that in 2023 there were 38 new vulnerabilities associated with ransomware. This report also provides a deep dive into the state of ransomware as 2024 begins, with critical information on newly identified vulnerabilities, insight into the most significant ransomware attacks, and new ransomware families and APT groups.

“These discoveries are alarming, but they are far from surprising. Talking to our customers over the last year, we have heard the same thing repeatedly: the attacks, successful or thwarted, keep coming. This onslaught, combined with an ongoing talent shortage and slashed IT budgets, has created a combustible situation for organizations of every kind,” said Ram Movva, CEO and co-founder of Securin.

In 2023, the ransomware landscape was dominated by three notorious groups: Cl0p, BlackCat, and Vice Society. These entities spearheaded a wave of cyberattacks that targeted high-profile organizations such as MOVEit Transfer, and the Industrial and Commercial Bank of China. Their coordinated efforts resulted in significant disruptions and financial losses, highlighting the escalating threat posed by ransomware groups on a global scale.

As the frequency and severity of ransomware attacks surged, so did the number of vulnerabilities associated with these malicious activities. From 344 in the previous year, the tally climbed to 382 in 2023, underscoring the expanding attack surface for cybercriminals to exploit. Among these vulnerabilities, the Progress MOVEit Transfer Vulnerability (CVE-2023-34362) stood out the most.

Despite efforts to bolster defenses, a concerning revelation surfaced regarding the efficacy of popular vulnerability scanners. Sixteen ransomware-associated Common Vulnerabilities and Exposures (CVEs) managed to evade detection by widely-used scanners like Nessus, Qualys, and Nexpose, remaining hidden during routine vulnerability scans. However, approaches such as those employed by Securin, proved instrumental in uncovering these stealthy threats. This underscores the necessity for a multifaceted approach to cybersecurity that combines proactive detection methods with cutting-edge technologies to stay one step ahead of cyber adversaries.

“Addressing these challenges head on, with the best information possible, will be essential to keeping the worst from transpiring in 2024,” said Movva. “The fact is that, despite increased vigilance, major vulnerabilities continue to be ignored. Third-party

software manufacturers and repositories are both struggling to stay fully informed of the active threats facing every organization. Our predictive platform has long been able to fill this gap for our customers, illuminating active threats before ransomware gangs began weaponizing them.”

It’s Time To Take Control of Security  

As our society continues to become more advanced, so does the ransomware landscape alongside it. These advancements prove that cyber resilience is no longer an option – it is a necessity in order to create a secure future.

If security leaders want to protect their data, especially within the public sector, then it is imperative to prioritize staying ahead of the latest ransomware threats by implementing preventative measures, remaining vigilant and being dedicated to action when  facing potential vulnerabilities and ransomware threats.

For organizations, this can mean implementing training and routine learning cycles for employees on basic security practices. Typically, employees are overlooked in an organization’s overall security plan, essentially creating a new layer of vulnerability in organizational systems that can be exploited by bad actors. Organizations can implement a more comprehensive cybersecurity approach that considers all angles by simply educating and empowering their employees on how to take proactive security measures.


No posts to display