Sharp rise in ransom demands and BEC incidents

Arctic Wolf has published its annual Arctic Wolf Labs Threat Report. Insights from the report reveal a year filled with cybercrime groups significantly increasing ransom demands, continuing to exploit well-known vulnerabilities that pre-date 2023, and executing business email compromise (BEC) schemes on a massive scale.

Created with threat, malware, digital forensics, and incident response case data that Arctic Wolf collects across the entire security operations framework, the Arctic Wolf Labs Threat Report delves deep into the cybercrime ecosystem, highlighting current global threat trends and offering strategic cybersecurity recommendations for the year ahead. The report serves as a key resource for cybersecurity, IT, and business leaders looking to gain a deep understanding of the global cybercrime landscape so that they can better protect their organizations from advanced cyber threats.

“By helping to end cyber risk for thousands of customers around the globe, Arctic Wolf Labs has access to an unmatched amount of data that allows us to provide deep and differentiated insights about the cybercrime landscape for both security practitioners and business leaders alike,” said Mark Manglicmot, senior vice president of security services, Arctic Wolf. “Not only do our findings from this report provide valuable insights to the cybersecurity community, but they also serve as a direct input to the threat detection models contained within the Arctic Wolf Security Operations Cloud, that ensures we are able to defend our customers against cyber threats of all shapes and sizes.”

Key Findings from the Arctic Wolf Labs Threat Report include:

• The median initial ransom demand rose 20% year-over-year to $600,000; with Legal, Government, Retail, and Energy industries each seeing median demands of $1 million or more.

• Despite BEC incidents outnumbering ransomware incidents by a factor of 10, a ransomware incident is 15 times more likely than a BEC incident to lead to an incident response investigation.

• Vulnerabilities first disclosed in 2022 or earlier continue to account for nearly 60% of incidents where the root cause was the exploitation of an externally accessible system.

• Manufacturing, Business Services, and Education/Non-Profit were the top three industries to appear on ransomware leak sites.

"The volume of cyber incidents continues to increase each year. As we enter 2024, the wide scale availability of AI tools has the potential to supercharge the ability of cybercriminals to successfully exploit vulnerabilities,” said Catherine Lyle, SVP of Cyber Claims & Incident Response at Tokio Marine HCC – Cyber & Professional Lines Group, a member of the Tokio Marine HCC group of companies based in Houston, Texas. “Resources like the Arctic Wolf Labs Threat Report assist carriers and businesses in understanding the current and future cybersecurity landscape. When used properly, this type of data can permit an organization to respond with appropriate vulnerability management, giving it a proven edge in safeguarding its sensitive systems and data. In turn, this makes it easier for the organization to mitigate any future harm by obtaining cyber insurance.”

Arctic Wolf Labs brings together Arctic Wolf’s elite security researchers, data scientists, and security development engineers together with a unified goal to help end cyber risk for organizations around the globe. Leveraging the trillions of security events the Arctic Wolf Security Operations Cloud ingests, parses, enriches, and analyzes each week, Arctic Wolf Labs is responsible for deliver cutting-edge threat research on new and emerging adversaries and leveraging machine learning and artificial intelligence to create advance threat detection models that drive continuous improvement in the speed, scale, and detection efficacy of Arctic Wolf’s security operations solutions.