March 2023 was the most active month for cyber attacks in recent years, according to a report by cybersecurity firm NCC Group. The report stated that there were 459 attacks, an increase of 91% from February 2023, and a 62% increase from March 2022. The spike was due to a vulnerability in Fortra’s GoAnywhere MFT secure file transfer tool, CVE-2023-0669, which the Clop ransomware group exploited as a zero-day to steal data from 130 companies within ten days.
In total, Clop performed 129 recorded attacks last month, topping NCC Group’s graph with the most active ransomware gangs for the first time in its operational history.
The most targeted sector in March 2023 was “Industrials,” receiving 147 ransomware attacks, accounting for 32% of the recorded attacks. This sector includes professional and commercial services, machinery, tools, construction, engineering, aerospace & defense, logistics, transport services, and more.
In second place were “Consumer Cyclicals,” encompassing construction supplies, specialty retailers, hotels, automobiles, media & publishing, household goods, etc. Other sectors that received significant attention from ransomware gangs were “Technology,” “Healthcare,” “Basic Materials,” “Financials,” and “Educational Services.”
The report highlights the importance of applying security updates as soon as possible to mitigate potential unknown security gaps, such as zero days, by implementing additional measures and monitoring network traffic and logs for suspicious activity.
The location of last month’s victims included almost half of all attacks (221) breaching entities in North America, followed by Europe with 126 episodes, and Asia with 59 ransomware attacks.
While Clop, LockBit, and Royal were the three most active ransomware groups, it is important to note that ransomware attacks are usually not targeted but rather opportunistic.
In early 2021, Clop also performed a mass hack that propelled it to the top, leveraging a zero-day vulnerability in Accellion’s legacy File Transfer Appliance (FTA).
