Apr 13, 2023 • Flashpoint Intel Team
Risk Intelligence Index: Cyber Threat Landscape by the Numbers
Executive Summary
Flashpoint's March 2023 threat intelligence report highlights a surge in ransomware activity, with 397 attacks observed, predominantly targeting US organizations in professional services and construction. The Clop ransomware group ranked second in activity, leveraging remote code execution vulnerabilities to compromise over 100 organizations. Additionally, 2,245 new vulnerabilities were disclosed, with 34% rated high-to-critical and 78% remotely exploitable, which makes patch prioritization an immediate concern. Insider threats remain significant, with thousands of posts soliciting internal access, particularly within the telecom sector. Law enforcement achieved notable takedowns, including the Breach Forums administrator and the NetWire RAT distributor Worldwiredlabs. To mitigate these evolving risks, organizations should prioritize patching remotely exploitable vulnerabilities with public exploits, monitor insider threat indicators, and enhance endpoint security against ransomware and RATs like NetWire.
Summary
Flashpoint's monthly look at the cyber risk ecosystem affecting organizations around the world, including intelligence, news, data, and analysis about ransomware, vulnerabilities, insider threats, and high-profile cybercriminals.
Published Analysis
Flashpoint’s monthly look at the cyber risk ecosystem affecting organizations around the world, including intelligence, news, data, and analysis about ransomware, vulnerabilities, insider threats, and takedowns of illicit forums and shops.
Ransomware
Flashpoint’s latest ransomware infographic paints a sobering picture of the evolving threat landscape, as cybercriminals employ increasingly sophisticated—and effective—tactics. Last month, our analysts observed a total of 397 ransomware attacks.
Key takeaways for the state of ransomware
- Organizations in the United States bore the brunt of ransomware attacks, accounting for a staggering 211 incidents—a 66 percent increase compared to last month.
- The top three industries targeted by ransomware were Professional Services, Internet Software & Services, and Construction & Engineering.
- Clop ransomware has emerged as one of the most active ransomware groups, securing the second spot in March’s top 10 ranking. Last month, Clop garnered attention by exploiting a remote code execution vulnerability—allegedly enabling them to acquire data from over 100 organizations, although they only disclosed a few victim names on their blog.
Vulnerabilities
According to our intelligence, 2,245 new vulnerabilities were reported in March, with 379 of them being missed by the Common Vulnerabilities and Exposures (CVE) and National Vulnerability Database (NVD).
Key takeaways for the state of vulnerability intelligence
- Approximately 34 percent of March’s disclosed vulnerabilities are rated as high-to-critical in severity, which, if exploited, could pose a significant risk to an organization’s security posture.
- Over 78 percent of March’s vulnerabilities are remotely exploitable, meaning that if threat actors are able to leverage these issues, they can execute malicious code no matter where the device is located.
- Nearly 29 percent of March’s vulnerabilities already have a documented public exploit, which drastically lowers the difficulty of exploitation.
- Vulnerability Management teams can potentially lessen workloads by nearly 88 percent by first focusing on actionable, high severity vulnerabilities—i.e., vulnerabilities that are remotely exploitable, that have a public exploit, and a viable solution; 253 of March’s vulnerabilities meet these criteria.
Insider Threat
The tactic of recruiting insiders has become immensely popular amongst threat actors aiming to breach systems and/or commit ransomware attacks. In March, our analysts collected 5,586 posts advertising insider services—both from threat actors seeking insiders and malicious employees offering their services. Of those, 1,127 were unique posts from individuals in illicit and underground communities.
Key takeaways for the state of insider threat intelligence
- In March, Flashpoint tracked 5,586 posts related to insider threat activity—both from threat actors attempting to solicit insider-facilitated access and from disgruntled employees offering their services. Of the total, 1,127 were unique postings.
- At this time, the Telecom industry is the most targeted sector, followed by Financial and Retail.
- Looking into the state of insider threats further, Flashpoint found that the majority of insider threat related postings originated from inside the organization with malicious insiders offering their services. Most of this activity came from the Telecom sector.
Takedowns
In...
Linked Entities
- NetWire
- Clop