Cybercrime is a sector that does not seem to experience crises: it strings together one record quarter after another, and the first quarter of 2023 is no exception. The recent report by Swascan's Threat Intelligence team revealed that during the first three months of this year there was a 19% increase in ransomware attacks compared to the previous quarter. If we compare this quarter's data with that of 2022, the increase is as much as 85.7%. The ransomware threat weighs more and more heavily on companies and institutions, with a particular tendency to hit small and medium-sized enterprises (SMEs). The majority of victims (62%) have fewer than 500 employees, reinforcing the notion that smaller targets are more vulnerable as well as more numerous.
“The great leitmotif of these months” – Pierguido Iezzi, CEO of Swascan, tells us – “is that of the theft of credentials. Criminals use malware and phishing techniques to get maximum results with minimum effort”.
According to the report, Facebook and Office365 are the names most used by cyber gangs for phishing campaigns. Using these familiar names helps to trick users into giving up their credentials, thus allowing hackers to gain access to personal information. A crucial point of the new attacks, in fact, is that they do not aim exclusively at corporate credentials but also at personal ones. These allow criminals to impersonate the employee who is the victim of the breach and bring the malware into the company by roundabout routes, such as sending malicious files or links via messaging.
But why have we witnessed a phenomenon that has been growing continuously for years, without countermeasures being able to blunt its effectiveness? "The point is that the growth of cybercrime - explains Iezzi - is proportional to the spread of digitization and we should not forget the impact of smart working which has broken down the distinction between the private and work digital spheres". So the more digital companies become, the more exposed they are to cyber attacks carried out with an increasingly advanced arsenal.
The role of botnets
Botnets, networks of compromised computers that serve criminals by distributing malware and attacking other devices, are an important weapon for attackers, who can count on an army of "robots" capable of working around the clock on attacks of The most famous ones are known as Hajime and Mirai, both dedicated to compromising Internet of Things (IoT) devices, but we also see a sharp increase in the use of malicious software that hunts for credentials, which are then put up for sale on specialized dark web sites.
The most active cybergangs in the first quarter of 2023 were LockBit, CLOP and ALPHV/BlackCat, but the phenomenon of "ransomware as a service" is increasingly widespread, i.e. people who join large groups and obtain all the software and knowledge they need to launch ransomware attacks in exchange for a share of the profits. It is a sort of cybercrime franchise that has come within everyone's reach thanks to the evolution of the technical tools available.
A proactive approach is needed to counter this strong expansion of cybercrime. Companies must rely on structures specialized in detecting the signals that precede an attack, in order to stop it before the criminals manage to do any damage.