In Poland, there are 1,600 cyberattacks on a single organization every week, and ransomware now threatens nearly 3% of all corporate networks! The situation in May became particularly dangerous. Hackers utilized the Phorpiex botnet, which sent millions of phishing emails containing LockBit Black ransomware, warn analysts at Check Point Research.
Cyberspace is becoming increasingly dangerous. Globally, cyberattacks have been rising at an alarming rate over the past month. In Poland, the average weekly number of attack attempts increased to over 1,600 per organization! The most frequently targeted were military and administrative organizations, public utilities, and the financial and banking sector.
According to specialists from Check Point Software, the most commonly used tools worldwide were the FakeUpdates downloader (identified in 7% of corporate networks) and the Androxgh0st (5%) and Qbot (3%) botnets. In Poland, third place went to the Snatch ransomware, which attempted to infect around 3% of corporate networks. Data from Check Point Research indicates that ransomware poses a significant threat to Polish companies. In the last six months, ransomware impacted 2.9% of Polish enterprises (0.3 percentage points higher than the global average).
Ransomware is becoming a key threat to companies worldwide. Some experts predict that due to these types of attacks, annual business losses will reach $265 billion by 2031! Meanwhile, at the turn of April and May, a massive ransomware campaign was executed using the Phorpiex botnet. The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) found evidence that Phorpiex, ranked sixth in last month’s threat ranking, was used to send millions of phishing emails as part of the LockBit3 ransomware campaign. The emails contained ZIP attachments with deceptive doc.scr files, which, when executed, initiated the network encryption process. The campaign utilized over 1,500 unique IP addresses, mainly from Kazakhstan, Uzbekistan, Iran, Russia, and China.
The largest group carrying out such attacks is LockBit3, responsible for 33% of disclosed attacks. Following them are Inc. Ransom with a 7% share and Play with a 5% detection rate. Inc. Ransom recently admitted to a major cyber incident that disrupted public services at Leicester City Council in the UK, allegedly stealing over 3 terabytes of data and causing widespread system shutdowns.
“Ransomware is one of the most destructive attack methods used by cybercriminals. Although law enforcement temporarily disrupted the LockBit3 cybergang by unmasking one of its leaders and revealing over 7,000 LockBit decryption keys, the threat has not been fully eliminated. Gang members are regrouping and implementing new tactics to continue their activities,” says Maya Horowitz, Vice President of Research at Check Point Software.
It is worth noting that according to Check Point, Poland ranks 65th in the world in terms of attack frequency. It is safer than Estonia (42), the Czech Republic (48), Austria (60), or Italy (52), but we experience more attacks than, for example, Hungary (77th place). In May, the safest country in the world was unexpectedly Egypt (111th), while in Europe, it was Latvia (106th). The most attacks are carried out in Mongolia.