CL0P Takes the Spotlight in New Cyber Threat Report

For IT and tech security professionals concerned that ransomware might be as bad as ever … it is. The latest Global Cyber Threat Intelligence report from NCC Group provides alarming statistics for July 2023. In that month alone, there were a record-breaking 502 ransomware attacks, as well as a 154% increase over the same month last year and a 16% jump over 434 attacks recorded in June.

While there’s never only one cybercriminal group involved in these attacks, there’s often a dominant player, and that was true for July 2023. Thanks to its exploitation of the MOVEit vulnerability, the entity known as CL0P took the top spot by perpetrating 171 attacks, fully a third of the total. Although the full extent of the damage is still being assessed, it’s evident that hat hundreds of organizations and potentially millions of individuals worldwide have fallen victim to this ransomware variant. CL0P appears relentless in its goal to extort data via the MOVEit file transfer program. LockBit 3.0, another well-known cyber gang, chalked up second place with 50 attacks, marking a 17% drop compared to the previous month.

While new threat actors have emerged, some may be older rebranded versions of older threat actors. For example, Noescape, responsible for 16 attacks, could be the new identity of Avaddo. This one’s preferred targets are VPN vulnerabilities.

Related:Making Sense of Ransomware Attack Statistics in 2023

In terms of market sectors, the industrial sector, home to critical information and intellectual property, led with 155 (31%) of all ransomware attacks, a record high for the year. The consumer cyclicals sector is far behind with 79 cases, while the technology sector saw nearly as many with 72 attacks. 

NCC Group_Global Ransomware Attacks by Month, 2022 - 2023

On a global scale, North America is experiencing more than half (274) of all ransomware attacks. That’s a 51% increase from June. Europe was hit with 43 cases, a 27% rise from the previous month, while Asia recorded 36 attacks, making up 7% of the total. 

Digging a little deeper, the data reveals some worrisome trends. Professional and commercial services were favored targets within the industrial sector. Among the top threat actors, CL0P, LockBit 3.0, and 8Base were identified as the force behind nearly half (48%) of the attacks. However, the financial services sector is increasingly in the crosshairs, targeted by both state-sponsored groups like North Korea’s Lazarus and profit-seeking entities like FIN7. What’s noteworthy here is that these threats are becoming more sophisticated. While no one is dismissing the danger of ransomware, it’s clear that even greater vigilance is required.

The report’s data was gathered by NCC Group through active monitoring of leak sites favored by ransomware groups. The global threat intelligence team scrapes victim details as they are released, classifies victims by sector, and uses the data to derive insights into attack patterns and the evolving threat landscape.