Nearly 30% of ransomware attacks during the third quarter have stemmed from subpar cyber hygiene, primarily in VPN accounts, whose insecure credentials were most prevalently targeted by threat actors to facilitate initial compromise during the same period, according to StateScoop.
Aside from primarily leveraging basic usernames for their accounts, organizations impacted by ransomware intrusions from July to September — including those in the government and healthcare industries — also mostly failed to implement multi-factor authentication that could have deterred brute-force attacks, a report from Corvus showed. Nearly 60 active ransomware operations were recorded during the same period, with smaller groups mounting increased attacks. "Law enforcement campaigns in late 2023 and early 2024 against LockBit and ALPHV may be transforming the ransomware ecosystem, resulting in more small-scale operations than before," said the report. Such findings come after a LevelBlue study detailing that 75% of state and local governments and higher education entities regarded new tech investments to be more important than cyber risks.
