The number of reported ransomware attacks between January and September 2023 surpassed the total for the entire year of 2022, as indicated by a recent report from Apple.
Apple-commissioned data breach report, spearheaded by MIT Professor of Information Technology Stuart Madnick, uncovered a staggering 2.6 billion records pilfered by hackers between 2021 and 2022. The findings, released on Thursday, underscore a disconcerting 20% surge in breaches during the first three quarters of 2023 compared to the entirety of the preceding year.
Madnick's comprehensive report amalgamates statistics and case studies from over 200 sources, providing a panoramic view of data breaches over the past two years. The report articulates a growing menace posed by increasingly sophisticated ransomware attacks and assaults on third-party vendors, emerging as pivotal factors in the expanding landscape of data breaches.
Ransomware's Resurgence: A Shifting Landscape
Ransomware attacks have experienced an alarming uptick, witnessing a nearly 70% surge in the initial nine months of 2023 compared to the same period in the previous year. Notably, the total count of ransomware attacks reported from January to September 2023 surpassed the entire tally for 2022.
The report highlights a shift in the strategies of ransomware gangs, including notorious entities such as LockBit, ALPHV/BlackCat, and Clop. These groups often launch multiple attacks on the same victim using diverse variants and extend their influence by offering ransomware-as-a-service (RaaS). A significant evolution noted is the transition from merely ransoming encrypted records to threatening the exposure of sensitive data on the dark web if the ransom is not paid.
"As organizations have been able to retrieve their customer data through backups and other countermeasures, hackers are becoming more aggressive, often leaking the stolen data on the dark web," the report stated.
Third-Party Vendors: A Weak Link in the Chain
The report underscores the exploitation of third-party vendors supplying software and services to multiple clients as a prime contributor to extensive data breaches in 2023. Cybercriminals leverage the weaker cybersecurity defenses of smaller companies to breach larger customers, orchestrating more devastating attacks in a single incursion.
An alarming statistic from SecurityScorecard research, cited in the report, reveals that a staggering 98% of organizations have a relationship with a vendor breached within the last two years. The MOVEit hack in May 2023 serves as a stark example, where the ransomware group Clop exploited a vulnerability in the MOVEit file transfer software, impacting over 2,300 organizations and costing over $10 billion globally.
Cloud Security Imperative: Apple's Call to Action
The report emphasizes a 'mass migration' of data to cloud environments in recent years, making cloud misconfiguration a major security concern. According to IBM's 2023 "Cost of a Data Breach Report," over 80% of data breaches involve data stored in the cloud.
In response, Apple, in a press release accompanying the report, stressed the critical need for encrypting data stored in the cloud. Apple's Advanced Data Protection for iCloud, launched in December 2022, employs end-to-end encryption to safeguard 23 data categories, exceeding default iCloud settings by nine. The report also lauds initiatives such as Google's February 2023 expansion of client-side encryption, WhatsApp's default end-to-end encryption of messages, and the "privacy-first" workspace suite Skiff as commendable efforts by vendors to fortify consumer data against breaches.
Fortifying Your Defenses: Network 512 to the Rescue
As the digital landscape continues to evolve, the need for robust cybersecurity measures is more critical than ever. If your company is seeking comprehensive protection against cybercrime, Network 512 a leading Cybersecurity and IT Managed Services company is committed to safeguarding your organization from the growing threats of the digital age. With a wealth of expertise and cutting-edge solutions, ready to fortify your defenses and ensure the security of your valuable data. Partner with Network 512 and stay one step ahead of cyber adversaries.
