Dive Brief:
- The volume of ransomware threats surged in June to more than 1.2 million incidents, reaching levels last observed in January, according to Barracuda Networks research released Tuesday.
- The spikes in ransomware activity preceded periods of slowdown, dipping to a 2022 low of about 350,000 attempts in March. But these downward trends are temporary and often correlate to cryptocurrency values, Barracuda Networks CTO Fleming Shi said. “When there is a spike on crypto you get more ransom threats and more attacks.”
- Attacks on critical infrastructure organizations quadrupled during the last year, according to Barracuda researchers who specifically studied 106 highly publicized ransomware attacks.
Dive Insight:
The pace and scale of ransomware attempts conveys the extent to which malicious actors pose an unrelenting risk to businesses of all types and sizes.
Barracuda reported total ransomware attempts observed by its security operations center to underscore the prevalence of the ransomware threat at large, Shi said. Zero-day threats, malware and advanced persistent threats are no longer the go-to weapon for many cybercriminals, he said.
Education, healthcare, municipalities, infrastructure and finance remain the most targeted organizations among the 106 ransomware attacks Barracuda deemed highly publicized.
Threat actors exploit these industries in particular because they’re more likely to pay a ransom demand due to the critical nature of their operations. “The urgency is the chip they’re trying to play to make sure they’re getting paid,” Shi said.
Beyond the five most targeted industries, service providers were hit the most, according to Barracuda.
This provides further evidence of what Shi describes as a “single-attack harvest.” Third-party vendor attacks are growing because threat actors can turn an attack on one organization into attacks on many.
“It’s a concentration point for attack,” he said.
Most service providers employ multi-tenancy infrastructure, which serves as a foundation for SaaS offerings to be sold to many customers, Shi said. Oftentimes those customers lead to more extensions, which present threat actors with more potential targets.