A new report today from Arctic Wolf Networks Inc. reveals a sharp rise in ransom demands and business email compromise incidents in 2023 as cybercriminals continue to exploit long-disclosed vulnerabilities for economic gains.

The annual Arctic Wolf Labs Threat Report details the colorful year that was 2023, with cybercrime groups upping their ransomware demands while gleefully exploiting vulnerabilities that predate 2023 and remained unpatched. The median initial ransom demand in 2023 rose 20% year-over-year, to $600,000, with legal, government, retail and energy industries seeing median demands of $1 million or more.

The report explains that the trend is for ransomware demands to continue to increase, with 2024 likely to be especially volatile as ransomware groups expand their list of targets and explore new pressure tactics in response to law enforcement efforts and a growing momentum of refuse-to-pay initiatives.

Though patching may remain spotty, Arctic Wolf’s researchers found that companies are taking the risk of ransomware seriously, with a ransomware attack 15 times more likely than a business email compromise attack to trigger an incident response investigation. “Ransomware attacks are feared by organizations large and small, and with good reason — the damage and disruption they cause is responsible for immense losses above and beyond the ransom itself,” the report notes.

While ransomware gets all the attention, the report claims that BEC incidents outnumber ransomware by a factor of 10. That said, nearly half of all IR investigations conducted by Arctic Wolf on behalf of clients are in response to ransomware, not BEC attacks.

When attackers came knocking, they were also found to be fond of old vulnerabilities. Some 60% of all incidents where the root cause was the exploitation of an externally accessible system involved vulnerabilities first disclosed in 2022 or early. Only 12% of incidents involved a zero-day exploit, a software security flaw that is unknown to the software vendor or developers and has no available patch.

“Not only do our findings from this report provide valuable insights to the cybersecurity community, but they also serve as a direct input to the threat detection models contained within the Arctic Wolf Security Operations Cloud, that ensures we are able to defend our customers against cyberthreats of all shapes and sizes.” Mark Manglicmot, senior vice president of security services at Arctic Wolf, said about the report.

Nick Schneider, president and chief executive officer of Arctic Wolf, spoke with theCUBE, SiliconANGLE Media Inc.’s live streaming studio, in September, discussing how as Arctic Wolf expands its global footprint and grapples with the delicate balance between artificial intelligence’s promise and peril, the quest for cybersecurity excellence, caution and adaptability are paramount:

Image: Arctic Wolf