Rapid7 sees cyberattacks continuing to target key businesses
A mid-year threat review conducted by cybersecurity company Rapid7 has found that its incident responders have seen a 69% increase in their caseloads in the first half of 2023.
Its researchers tracked more than a dozen new vulnerabilities that were widely exploited over the first half of the year, finding that more than a third of widespread threat vulnerabilities were used in zero-day attacks.
With ‘bad actors’ continuing to enact cyber warfare on key organisations and essential services, Rapid7 services teams have observed that attacks are often ‘slipping through the cracks’ because companies do not have essential protections such as multi-factor authentication (MFA) enabled, and have released a call to action.
Continued increases in ransomware attacks threaten businesses
Hacks and ransomware threats of this scale can often irreversibly impact businesses and essential organisations, sparking huge safety concerns. Business leaders consistently allude to an impending “cyber crisis” as a result of a continued cybersecurity skills gap, limited industry knowledge and a lack of urgency.
Rapid7 aims to make cybersecurity simpler and more accessible for all. Caitlin Condon, Vulnerability Research Manager at Rapid7, spoke to Cyber Magazine and said: “We provide security solutions for cloud risk management, threat detection [and] vulnerability management.”
The report highlights that the company tracked 79 known state-sponsored threat actor attacks in 1H 2023, at least 24% of which leveraged exploits against public-facing applications to target governments, critical infrastructure, and corporate networks.
Of the state-sponsored attacks Rapid7 tracked, 23% used spear phishing to gain access to victim environments, and 22% involved the abuse of valid accounts.
Nearly 40% of the incidents Rapid7 managed services teams saw in the first half of 2023 were the result of missing or lax enforcement of multi-factor authentication, particularly for VPNs and virtual desktop infrastructure (VDI).
Phishing attacks: A “scourge” on corporate networks
In addition to increased ransomware attacks, phishing continues to dominate the cyberattack landscape. 23% of the state-sponsored attacks Rapid7 tracked used spear phishing to gain access to victim environments, and 22% involved the abuse of valid accounts.
Phishing has increased exponentially within the last 12 months alone, according to reports, suggesting that cyber criminals are becoming more sophisticated in their methods.
Speaking on the key findings of the report, Condon said: “Ransomware groups, advanced persistent threats (APTs), and commodity attackers continued to compromise global businesses at scale in the first half of this year.
“Rapid7 tracked roughly 1,500 ransomware incidents across public reports and our own observations as of mid-June 2023. The real number of incidents is likely to be higher than that, in part because public reports can be a bit of a trailing indicator, and in part because when we compiled our data, the Cl0p ransomware gang was still actively claiming new victims from the MOVEit Transfer hack perpetrated at the end of May.”
Indeed, 35.3% of ransomware incidents, based on leak site communications, public disclosures and Rapid7 incident response data, were attributed to LockBit, 14.2% to ALPHV/BlackCat and 11.9% to Cl0p. Plenty of these continue to target governments, critical infrastructure and corporate networks.
Condon said: “One of the points we make in the report is that counting primary victims underestimated the true impact of these incidents, which frequently involve data exposure for downstream users or partner organisations.
“Our incident response team saw a huge uptick in cases during the first half of this year — a rise of 69% year over year. Nearly 40% of the incidents our consultants responded to were the result of missing or lax multi-factor authentication on things like VPNs and virtual desktop infrastructure.
“In general, Rapid7 noted low overall security maturity and subpar security hygiene across many of our engagements in the first half of 2023.”
Overworked cyber teams resulting in notification fatigue
MFA fraud was connected to notification fatigue, according to the report, suggesting overworked or under-prepared cybersecurity teams. This is particularly poignant, given that there is evidence to suggest that some businesses only conduct relevant cyber training once a year.
Workforces have cited increased challenges due to being overworked in a security capacity, as well as being short-staffed due to a cyber skills shortage. With this in mind, it is important that businesses work to better protect themselves against data breaches and ensure that their workforces are better prepared.
“We continue to see a lack of basic security hygiene in many organisations,” Condon said to Cyber Magazine. “As a top priority, businesses should ensure multi-factor authentication is in place (and enforced!) wherever possible, including and especially on VPNs and virtual desktop infrastructure.
“Establishing baseline vulnerability management and asset inventory programs is also critically important. Organisations can mitigate data theft and extortion risk by taking measures to prevent data exfiltration wherever possible. This could include restricting or alerting on large file uploads, blocking known file sharing sites, and monitoring the use of data archiving utilities.”
“We expect to see more of these types of extortion campaigns [over the next 12 months] and we expect to see more smash-and-grab-style exploits targeting applications that house sensitive data,” Condon said.
“Why bother deploying ransomware or planning a multi-stage attack when you can exploit a public-facing application and simply exfiltrate tranches of data in one go?”