06/07/2024 – 16:13
Cyberattacks have declined this year thanks to large-scale police operations, prompting internet criminal groups to reorganize and even carry out physical threats, experts say.
The year 2023 saw a record in both the number of attacks and the number of victims extorted.
“In the first quarter of 2024, the number of publicly reported incidents related to ransomware (blackmail programs) decreased compared to the first quarter of 2023,” Allan Liska, cybersecurity expert at Recorded Future, told AFP.
In its Q1 2024 Internet Security Report, US cyber defense firm WatchGuard also noted a 23% drop in ransomware attacks compared to the end of last year.
This type of malicious software exploits security flaws in companies, public buildings, communities or even individuals to encrypt and lock their computer systems, demanding a ransom to unlock them.
Particularly lucrative for hackers, these attacks are devastating for victims, even when they pay, as they can have their data stolen and resold on the dark web.
– Cleaning –
French cybersecurity startup Cybelangel reported a 40% increase in attacks in 2023, while US-based Chainalysis, a specialist in studying cryptocurrency transactions, estimated that victims paid more than $1.1 billion (around R$6 billion), a record figure.
Authorities are particularly vigilant about these ransomware programs.
In February, the Russian-based LockBit group was dismantled following an international police operation.
According to Liska, this organization accounted for up to 30% of ransomware attacks in recent years.
In late May, a multi-country operation called “Endgame” took down more than a hundred servers that played a crucial role in spreading malicious software.
“All of these operations have had a real impact on the ransomware ecosystem,” says Liska.
“There has been a kind of cleansing of the ransomware scene,” notes Nicolas Raiga-Clémenceau, a cybersecurity expert at French firm XMCO, “which has allowed a number of new groups to emerge and structure themselves” in recent months.
Experts estimate that more than a dozen new groups have emerged, including RansomHub or Hunters International, but that it is too early to know whether the threat power of these groups will be as strong as that of their predecessors.
– “Physical consequences” –
“Some of these new ransomware groups, such as Scattered Spider, are now threatening to resort to ‘new, more violent tactics,’” warns Recorded Future’s expert.
“In the data stolen by hackers, the address of the CEO or head of cybersecurity sometimes appears [de uma empresa] and when negotiations fail, the consequences can be not only digital, but also physical,” he added.
For Luis Delabarre, the decline in ransomware can also be explained by greater investment by companies in more effective defense systems.
“Today we are seeing the results of a year 2023 that was very delicate and difficult in terms of ransomware,” says the expert from cybersecurity firm Nomios. “Decisions were made, and the Olympic Games were an accelerator.”
Although the Paris Olympic Games are not a particularly sensitive target for this type of attack, the 15 million visitors expected this summer in the French capital have whetted the appetite of cybercriminals, who have already launched phishing campaigns in the form of, for example, fake online lotteries to win tickets.
It is a way to trick Internet users into obtaining personal data and identification, often the first step before launching a large-scale attack.
But all the experts interviewed by AFP agree: ransomware attacks could increase rapidly, possibly before the end of the year.
“There is so much money at stake (for pirates) that they are not going to stop any time soon,” says Liska.
#Cybercrime #reorganizes #face #police #attacks