February 2023 Cyber Event Roundup

Dutch Police Report Arrest of Two Suspected Ransomware Operators

‍

The Dutch Police have arrested three individuals for suspected ransomware activity, which generated at least 2.5M Euro in extortion fees. The actors are believed to have attacked thousands of organizations, compromising the data of tens of millions of individuals.

‍

This is another example of successful law enforcement activity against ransomware operations. Such activity has increased over the past year, leading to the arrest of several prominent ransomware group members, such as Revil and Netwalker. This is one factor behind a decline in ransomware attacks since in 2022.

‍

Kovrr Insights: Ransomware

‍

Kovrr’s cyber threat intelligence database provides data to back up the effect successful law enforcement actions, among other factors, have on ransomware. Based on Kovr’s data, not only did the total number of attacks decline by around 8% compared to the previous year, but the average extortion amount was also reduced by 84%.

‍

‍Most Vulnerabilities Exploited by Ransomware Actors Are Several Years Old

‍

An extensive report studying vulnerabilities exploited by ransomware actors uncovered that 76% of vulnerabilities which are still being actively exploited by ransomware have been discovered between 2010 and 2019.

‍

Kovrr Insights: The Importance of Patching

‍

This trend clearly reveal two issues:

‍

1. That malware actors can rely heavily on old, unpatched vulnerabilities, instead of investing time in looking for or exploiting recently found vulnerabilities.
2. That organizations do not patch vulnerabilities - not only are recent vulnerabilities not patched, but also very old vulnerabilities tend to be left unpatched. This is due to many possible factors, such as the operational difficulty in patching many different types of systems in many different environments, and prioritizing patching in a sea of discovered vulnerabilities.

‍

‍

FTC Reports 30% Increase in Fraud Losses for US Citizens in 2022

‍

The U.S Federal Trade Commission (FTC) announced that U.S citizens lost $8.8B in 2022 to various types of scams, which is a 30% increase compared to fraud losses in 2021. Overall, 2.4M consumers reported losses due to fraud, putting the average loss per consumer at around $3,670. The top two types of scams consumers fell victim to were imposter scams and online shopping scams.

‍

Kovrr Insights: Illuminating Cyber Trends

‍

The large increase in the amount lost to scams in 2022 can be attributed to the relative ease of perpetrating a successful scam, compared to other methods of criminal monetization. Two methods which have been very popular in previous years - ransomware and cryptocurrency mining, have declined in recent years, due to them demanding increasing sophistication and resources from cybercriminals, while leading to lower returns on average.

‍

‍