20% quarterly increase in ransomware release platforms noted in Q2
In a recent report, cybersecurity firm ReliaQuest revealed a 20% increase in ransomware activity targeting Snowflake customer environments during Q2 2023 compared to Q1. The surge in attacks is attributed to various factors, including the exploitation of compromised credentials, sophisticated impersonation techniques, and the rise in ransomware incidents targeting retail and other sectors.
The most active ransomware groups during this period typically gained initial access to victim networks through unpatched VPNs, remote desktop protocol tools, or social engineering campaigns. However, a notable trend emerging in Q2 is the increased use of legitimate credentials for initial access, as seen in a wave of attacks targeting over 100 Snowflake customer environments.
One of the key perpetrators identified is the group ShinyHunters, which employs private ransom negotiations and threats to leak data if demands are unmet. This tactic was evident in related Salesforce environment compromises.
May 2023 saw a significant surge in ransomware activity, with LockBit accounting for 36% of the alleged victims. However, a June slowdown followed, with the total count of alleged ransomware victims decreasing by 13% year over year. This decrease is attributed to LockBit's attempt to recover from an international law enforcement takedown of the group's infrastructure.
The manufacturing and professional, scientific, and technical services sectors were the most heavily targeted during Q2. Additionally, marketplace listings in cybercriminal forums featuring data harvested by infostealers increased by 30% during this period. Infostealer malware, which covertly infiltrates systems and collects sensitive information, can serve as an initial point of entry and can affect software ranging from authentication applications to cloud data services like Snowflake.
Predictions suggest that the ransomware threat landscape targeting Snowflake customer environments will become more sophisticated and identity-driven. This underscores the need for advanced identity-focused security strategies and vigilance against phishing and credential theft.
Experts also anticipate the growth of private, targeted ransom negotiations and more aggressive extortion tactics, including threats of public data leaks to pressure victims. In addition, there will be an increasing focus on identity analytics, real-time monitoring of user behavior, and Active Directory protection to counter credential-based intrusions.
The rise in ransomware activity has caused increased insurer and market anxiety, particularly in critical sectors like finance and insurance. As the use of infostealers continues to grow, so will the use of exposed credentials in ransomware attacks.
In conclusion, businesses must remain vigilant against ransomware attacks, particularly those targeting Snowflake customer environments. Adopting advanced identity-focused security strategies and staying updated on the latest threat trends is crucial in mitigating these risks.
- The increased ransomware activity against Snowflake customer environments, as revealed by ReliaQuest, is driven not only by traditional methods like unpatched VPNs and social engineering, but also by the use of legitimate credentials, such as those employed by the ShinyHunters group.
- Experts predict that ransomware attacks will become more identity-driven, making advanced identity-focused security strategies and vigilance against phishing and credential theft essential for businesses.
- With ransomware activity surging alongside infostealer malware, businesses in critical sectors like finance and insurance need to stay updated on the latest threat trends and adopt proactive measures like identity analytics, real-time monitoring of user behavior, and Active Directory protection to mitigate risks.