NCC Group Monthly Threat Pulse – October 2022 - Ransomware attacks decrease but DDoS attacks on the rise

November 22, 2022

Analysis from NCC Group’s NCC Group’s Global Threat Intelligence team has revealed a decrease in ransomware attacks in October, but a sharp rise in DDoS attacks with the highest number of incidents observed this year.

  • Ransomware attacks decreased by 7% in October from the previous month
  • Industrials (34%) and Consumer Cyclicals (18%) remain the top two most targeted sectors, with Healthcare (10%) replacing Technology (8.5%) as the third most targeted
  • Lockbit 3.0 (30%), Black Basta (13.3%), and BlackCat (12.8%) remain the most prevalent threat actors, the tenth month that Lockbit (Lockbit 2.0/Lockbit 3.0) has been the most active
  • October saw the highest number of DDoS attacks this year, with a 14% increase from September to 2,090 attacks

    Analysis from NCC Group’s Global Threat Intelligence team has revealed a decrease in ransomware attacks in October – a fall from 202 attacks to 188 - but a sharp rise in DDoS attacks with the highest number of incidents observed this year.

     

    The ransomware attack numbers this month are half of those recorded in October last year, indicating that the total number of attacks this year is unlikely to reach the same heights as in 2021.

     

    The Threat Pulse highlights the persistent prevalence of Lockbit as the most active threat actor, with it accounting for 30% of attacks. This marks the tenth month in a row in which a variant of Lockbit (Lockbit 2.0/Lockbit 3.0) has taken the top spot with 57 attacks in October, despite its activity decreasing by 22% from September.

     

    While Lockbit pulled back in October, Black Basta has ramped up activity to increase its number of attacks 31% from 19 to 25. It maintains its position as the second most active threat actor for the third month in a row.

     

    In third place, Black Cat, completed the biggest proportional increase in attacks, with a 50% increase in incidents as its victim numbers grew from 16 to 24.

     

    In a wildcard turn of events, newly emerged threat actors Sparta and IceFire have gone silent this month. This follows their respective explosive entrances to the threat landscape in previous months.

     

    Diving into sector trends, Industrials (34%) and Consumer Cyclicals (18%) remain the top two most targeted sectors. However, while Technology accounted for 8.5% of attacks, for the first time since January it did not rank third in the top three. Instead, its position was replaced by Healthcare (10%), which could be an anomaly or hint towards an emerging shift towards targeting the sector.

     

    Across the regions, North America suffered 84 attacks (45%), making it the most targeted region, ahead of Europe, which experienced 51 (27%). Asia remained the third most targeted with 14% of attacks.

     

    As the number of ransomware attacks decreased this month, there has been a notable shift in tactics, with a more prevalent use of distributed denial of service (DDoS). There were 2,090 DDoS incidents in October, a 14% increase from September, and the highest number of hits recorded this year. The monumental growth warns that the threat of DDoS is on the rise.

     

    Matt Hull, Global Head of Threat Intelligence at NCC Group, said: “We are seeing a vast growth in DDoS attacks, with the numbers in October hitting an all-time high. This shift is even more notable this month as overall ransomware attacks decreased.

     

    “We are closely monitoring the threat landscape, which after a period of tumultuous change, seems to be yet again dominated by the key players. Emerging threat actors Sparta and IceFire have gone silent, while Lockbit remains stronger than ever with its tenth month as the most active in the scene.

     

    “It is clear that the most consistently targeted sectors and regions remain vulnerable, and so we advise organizations within these areas to prioritise ongoing resilience.”