at least 730 organizations around the world suffered from targeted attacks of encryptions in the fourth quarter of 2022. This was reported in the new report by Kaspersky Laboratory.
According to the report, for half the cyber attacks there are eight large groups. Currently, Clop (Ta 505), Hive, Lockbit, Ragnarlocker, BlackByte and Blackcat remain the most active, and the last two began to attack the last two21.
The largest number of attacks was carried out by Lockbit: for the entire period of the existence of the code, the number of its victims exceeded a thousand. Most often, attackers attacked enterprises from the aviation and energy industry. In third place in popularity among hackers was the sphere of consulting services.
The geography of the victims is also diverse: the USA, China, India, Indonesia, as well as the countries of Central and North-West Europe. Operators use standard initial penetration vectors for extortionists and utilities for “work” within the victim infrastructure. To obtain initial access, most often these are RDP protocols or vulnerability operations, for action inside the network – tools Psexec, Empire, Mimikatz.
“The robbers programs continue to remain one of the key threats. We have done a huge analytical work on this type of malware and revealed that their techniques and tactics largely coincide and do not change for a long period of time. Our report collected a lot of useful information For companies that will help them withstand this threat, ”comments Nikita Nazarov, head of the extended study of the threats of Kaspersky Laboratory.