Highlights:

  • The annual Arctic Wolf Networks ransom report vividly outlines the eventful year of 2023, highlighting cybercrime groups’ escalation of ransomware demands and their enthusiastic exploitation of vulnerabilities predating 2023 that remained unaddressed.
  • Approximately 60% of all incidents where the root cause was exploiting an externally accessible system implicated vulnerabilities initially disclosed in 2022 or earlier.

The recent Arctic Wolf Networks ransom report reveals a notable increase in ransom demands and business email compromise incidents throughout 2023, highlighting cybercriminals’ continued exploitation of long-known vulnerabilities for economic gain.

The annual Arctic Wolf Labs Threat Report vividly outlines the eventful year of 2023, highlighting cybercrime groups’ escalation of ransomware demands and their enthusiastic exploitation of vulnerabilities predating 2023 that remained unaddressed. In 2023, the median initial ransom demand surged by 20% compared to the previous year, reaching USD 600,000. Industries such as legal, government, retail, and energy witnessed median demands of a million USD or higher.

The report explains that ransomware demands are trending persistently upward, with 2024 anticipated to be particularly tumultuous as ransomware groups broaden their scope of targets and experiment with new pressure tactics in reaction to law enforcement efforts and the increasing momentum of refuse-to-pay initiatives.

Despite potential inconsistencies in patching, findings from the Arctic Wolf Networks ransom report indicate that companies are taking the ransomware threat seriously. This is demonstrated by the fact that a ransomware attack is 15 times more likely than a business email compromise attack to trigger an incident response investigation. The report mentions, “Ransomware attacks are feared by organizations large and small, and with good reason — the damage and disruption they cause is responsible for immense losses above and beyond the ransom itself.”

Although ransomware receives the majority of the attention, the report asserts that business email compromise (BEC) incidents are ten times more prevalent. Despite this, nearly half of all incident response (IR) investigations that Arctic Wolf conducts on behalf of its clients are in response to ransomware, not BEC attacks.

The report also found that attackers favored old vulnerabilities when initiating their attacks. Approximately 60% of all incidents where the root cause was exploiting an externally accessible system implicated vulnerabilities initially disclosed in 2022 or earlier. Just 12% of incidents involved a zero-day exploit, which refers to a software security flaw unknown to the software vendor or developers and lacking an available patch.

“Not only do our findings from this report provide valuable insights to the cybersecurity community, but they also serve as a direct input to the threat detection models contained within the Arctic Wolf Security Operations Cloud, that ensures we are able to defend our customers against cyber threats of all shapes and sizes,” said Mark Manglicmot, Senior Vice President of Security Services at Arctic Wolf, regarding the report.