February 5, 2024 Securin Report Finds 38 New Vulnerabilities from 2023

Securin researchers have published ransomware threat insights from 2023, including new APT groups, ransomware families and related attacks.

Securin, Inc. just debuted its latest ransomware report, investigating cybersecurity threats and detailing how the usage and manipulation by threat groups has grown in 2023. Hopes for a reduction in ransomware attacks in 2023 were dashed as incidents continued to rise, affecting businesses, governments, critical infrastructure, and more.

The 2023 Year in Review: Ransomware report drives this reality home, identifying 38 new vulnerabilities associated with ransomware in 2023. The report provides a deep dive into the state of ransomware as we head into 2024, with crucial information on newly identified vulnerabilities, insight into significant ransomware attacks, and new ransomware families and APT groups. The top three takeaways from this report include:

1. The number of ransomware-associated vulnerabilities climbed significantly, from 344 in 2022 to 382 in 2023. Of these, the most weaponized was the Progress MOVEit Transfer Vulnerability (CVE-2023- 34362), which was used to compromise more than 1,000 organizations, affecting 60 million
2. Ten new ransomware families emerged in 2023 including Akira, Bloody and INC, leading to a total of 188 active ransomware families. Along with new families, Securin experts identified three existing advanced persistent threat (APT) groups—Scattered Spider, FIN8, and RomCom—adding ransomware to their
3. Cl0p, BlackCat, and Vice Society led the pack of ransomware groups in These three groups were responsible for damaging attacks against MGM Resorts, MOVEit Transfer and the Industrial and Commercial Bank of China.

Remarking on the key takeaways, Ram Movva, CEO and co-founder of Securin, said, “These discoveries are alarming, but they are far from surprising. Talking to our customers over the last year, we have heard the same thing over and over again: the attacks, successful or thwarted, just keep coming. This onslaught, combined with an ongoing talent shortage and slashed IT budgets, has created a combustible situation for organizations of every kind. Addressing these challenges head on, with the best information possible, will be essential to keeping the worst from transpiring in 2024.”

Movva goes on to say, “The fact is that, despite increased vigilance, major vulnerabilities continue to be ignored. Third-party software manufacturers and repositories like the NVD and MITRE are both struggling to stay fully informed of the active threats facing every organization. Our predictive platform has long been able to fill this gap for our customers, illuminating active threats before ransomware gangs began weaponizing them.”

The research in the report also delves into the precise vulnerabilities exploited during 2023’s most significant attacks. It provides several tips on how organizations can defend against and prevent these attacks, including education and training, regular software updates, patch management, and more.

To learn more, the executive summary and the full report can be downloaded here: https://www.securin.io/ransomware-report-2023-year-in-review-download/

Subscribe to Industry Today