Ransomware attacks 2023: new record values

With 459 ransomware attacks, March 2023 has become the record month of the last few years – which were rich in ransomware. The number of attacks increased by 91% compared to the previous month, and by 62% compared to March of the previous year. [1]

Industrial companies still targeted by ransomware attacks in 2023

Due to the better economic efficiency for the attackers, the target of ransomware attacks is primarily companies, with industrial companies being increasingly affected. The damages for ransomware victims range from (not recommended!) ransom payments and recovery times or work to the loss of sensitive data and business shutdowns.

“In the industrial sector, high levels of impairment are often caused by collateral damage – by accidental infections that transmit dangerous ransomware to industrial systems,” knows Herbert Dirnberger, Industrial Cyber-Security Expert at IKARUS. Classic IT security measures do not provide much protection for industrial systems. “It is important to secure the transition between IT and OT with suitable measures,” advises Herbert Dirnberger: “Well-protected companies can be recognised by the fact that all OT assets and their risks are known. If such lists are available and responsibilities are clarified, a protection system for production can develop.”

It is not only in critical infrastructures that the stakes are high. “While classic IT is primarily about data and information, operating environments house the company’s core business, production. A system downtime for a few days is expensive. And in the worst case, it’s not only about system security, but also about human lives”, says Herbert Dirnberger.

Need for improvement especially in the security of local SMEs

In IT, classic defence strategies such as functioning data backups are losing effectiveness due to new attack variants such as double extortion: The attackers often no longer just demand a ransom for the release of the encrypted data. They also threaten to release the previously stolen data in case of non-payment.

In 2022, almost one-third of Austrian companies suffered business interruptions of around one week after ransomware attacks, and around 14 percent even suffered interruptions of more than four weeks, according to the current KPMG study “Cybersecurity in Austria 2023”. [2] Overall, the number of cyber-attacks is said to have tripled within a year. Phishing and scam calls are already on the agenda, but more recent attack techniques are also on the rise: around 22 % of the companies surveyed were affected by deep fakes in the previous year, for example.

The current CyberRisk Analysis by KSV1870 Nimbusec GmbH sees small and medium-sized enterprises (SMEs) particularly affected. [3] According to the analysis, 22 % of companies overestimate their own defensive measures and thus believe in false security. Three out of ten companies have not implemented sufficient IT security measures to reliably detect cyber incidents. A quarter of the companies also lack an adequate incident response concept to be able to react quickly and correctly in the event of an attack or security incident.

Number and aggressiveness of cyber-attacks continues to rise in 2023

In addition, according to the Deloitte Cyber Security Report 2023, the number of attacks that could be prevented by technical infrastructure measures has almost halved. [4] Upgrading protective measures and being able to respond quickly to security incidents should therefore be on the to-do list of IT departments. However, while cybercriminals are reacting ever more quickly and professionally to changing circumstances and new opportunities, many companies suffer from a shortage of cyber security professionals who can keep up with the momentum.

An action plan to be prepared in the event of a cyber-attack is therefore indispensable for companies. In addition to preventive protective measures, this emergency plan should include the necessary escalation processes, recovery processes and communication plans as well as contacts who can provide rapid support. After all, despite the acute stress situation, it is important to keep a cool head and observe the legal framework. In addition, a targeted approach can help minimise the damage and shorten the recovery time. All this is made much easier by a predefined guideline and clarified responsibilities.

This might also interest you:

Deepfakes in Cyber attacks
Who takes care of security in the OT?

Sources:
[1] https://www.bleepingcomputer.com/news/security/march-2023-broke-ransomware-attack-records-with-459-incidents/
[2] https://kpmg.com/at/de/home/media/press-releases/2023/05/kpmg-studie-anzahl-der-cyberattacken-innerhalb-eines-jahres-verdreifacht.html (German)
[3] https://www.ksv.at/pressemeldungen/dritte-betrieb-erkennt-cybervorfaelle-nicht (German)
[4] https://www2.deloitte.com/content/dam/Deloitte/at/Documents/presse/at-deloitte-cyber-security-report-2023.pdf (German)