top of page
  • Writer's pictureRoy Urrico

FIs Among Prime Targets of Data Compromises and Ransomware Attacks

By Roy Urrico

Finopotamus aims to highlight white papers, surveys and reports that provide a glimpse as to what is taking place and/or impacting credit unions and other organizations in the financial services industry.

It is bad news for financial services when it comes to data compromises and ransomware attacks, according to reports from the Identity Theft Resource Center (ITRC) and the NCC Group.

ITRC Sees Record-Setting Number of Data Compromises

Source: ITRC.

The ITRC tracked 951 compromises in the second quarter, which represents a 114% increase compared to the previous quarter (445 compromises). The second quarter also represents the most breaches the ITRC has ever tracked in a single quarter.

For the first half of the year, the ITRC tracked 1,393 compromises. This puts 2023 on a record pace for compromises in a year, exceeding the all-time high of 1,862 in 2021. The number of victims in the first half of 2023 (156,637,416) also increased 153% compared to the first half of 2022 (62,019,351 victims).

Every sector reported a higher number of data compromises in the first half of 2023 compared to the first half in 2022. Healthcare leads the sectors with the most compromises (379). However, financial service firms reported nearly double the number of compromises (241) versus the first half of 2022. For the second quarter alone, health care with 298 and financial services with 179 led all sectors as well.

The ITRC also reported phishing and ransomware as the primary cyberattack vectors for 2023 so far. However, the number of malware attacks in 2023 increased 89% percent over the same period last year.

Eva Velasquez, president and CEO, ITRC.

“The second quarter and first half of 2023 has been historic with regard to data breaches,” said Eva Velasquez, president and CEO, ITRC. “Since we started tracking data compromises in 2005, only the full years of 2017, 2021 and 2022 have exceeded the number of data events recorded in the first six months of 2023. While businesses and individuals may be numb to constant attacks and scams that lead to breaches, it’s important to remain diligent and practice good cyber-hygiene to make any information stolen or exposed less useful for identity criminals.”

The ITRC points out the lack of reporting or underreporting the victim count has surfaced as a problem. The number of victims disclosed in notices is well behind 2022’s pace, according to the ITRC. Notices in the first half of 2023 estimated that data compromises impacted 156 million individuals compared to the 424 million people affected by data events in 2022. However, the number of data breaches, with no actionable information about the root cause of the compromise, grew to 534 in the first half 2023 compared to 319 in the first half of 2022, a 67% increase.

NCC Group: Ransomware Attacks Up Year-On-Year

Source: NCC Group

Ransomware attacks continue to hit record levels with 434 attacks in June 2023, a 221% increase on the same period last year (135 attacks – June 2022), according to the latest analysis from security consultancy firm NCC Group’s Global Threat Intelligence team.

Industrials was the most targeted sector in June, representing 143 of the total attacks (33%), followed by consumer cyclicals (12%) with 52 attacks, technology (11%) with 48 attacks;. Financial services was the fourth most targeted sector.

June’s high levels of activity were driven by Clop’s exploitation of the MOVEit software vulnerability, consistently high levels of activity by groups such as LockBit 3.0, and emergence of several new groups since May.

The Clop (or Cl0p) threat-actor group is a financially motivated organization believed to currently operate from Russian-speaking countries. Clop was responsible for 90 of the 434 attacks (21%) in June, following its exploitation of an SQL injection vulnerability in MOVEit file transfer software, CVE-2023-34362, allowing the group to use this flaw to escalate privilege and steal sensitive data.

LockBit 3.0, the most active threat actor of 2023 so far, was responsible for 62 of the attacks, a fall of 21% from 78 attacks in May. 8base, a new threat actor discovered in May, stepped up activity with 40 attacks (9%) in June – making it the third most active threat group in June. Other notable activity included 17 attacks from Rhysida and 9 attacks from Darkrace, two ransomware-as-a-service (RaaS) groups that were first observed in May 2023.

North America was the most targeted region, accounting for more than half of the attacks in June with 222 victims (51%) – the same total as May. Europe (27%) and Asia (9%) followed with 116 and 40 victims, respectively.

Matt Hull, global head of Threat Intelligence, NCC Group.

Matt Hull, global head of Threat Intelligence at NCC Group, said: “The considerable spike in ransomware activity so far this year is a clear indicator of the evolving nature of the threat landscape. The better-known players, such as LockBit 3.0, are showing no signs of letting up, newer groups like 8base and Rhysida are demonstrating what they are capable of, and Clop have exploited a major vulnerability for the second time in just three months.”

Hull added, “It is imperative that organizations remain vigilant and adapt their security measures to stay one step ahead. We strongly advise any organization using MOVEit File transfer software to apply the recent patch, given this vulnerability is being actively exploited.”


bottom of page