If it feels like cyberattacks are becoming more frequent, it’s because they are. According to a new report by MIT professor Stuart Madnick, there were more ransomware attacks reported in the first nine months of 2023 than all of 2022.
The report, which was funded by Apple (AAPL), but written independently by Madnick, points to a stark increase in cyberattacks, impacting as many as 360 million people through August.
One reason for the jump, according to Madnick, is that ransomware groups are becoming more organized, operating as gangs and targeting organizations with critical user data such as government and healthcare facilities.
The other cause for the jump, Madnick says, is that cybercriminals are increasingly using secondary vendors to gain access to their main targets.
“In today’s interconnected world, virtually every organization relies on a wide range of vendors and software,” Madnick wrote. “As a result, hackers only need to exploit vulnerabilities in third-party software or a vendor’s system to gain access to the data stored by every organization that relies on that vendor.”
Some 98% of business and government groups work in some capacity with a company that’s been hit by cybercriminals in the past year. The number of attacks is staggering. According to the study, 2.6 billion personal records were breached in 2021 and 2022, and 1 in 4 people had their health records exposed in the first three quarters of this year. Ransomware attacks against hospitals in particular can be dangerous, as they limit access to patient records and can force healthcare providers to divert potential patients to other hospitals.
Attacks on hospitals ramped up significantly during the pandemic, and continue to wreak havoc across the US. According to a CBS News report, 299 hospitals have been hit with ransomware in 2023 as of the end of November.
Madnick also points to a number of large-scale hacks in previous months, including 23andMe (ME), which gave notice for its breach in October; Discord, which was hacked in August; and Microsoft (MSFT), which took hits to its Outlook and Exchange platforms.
Generative AI is also making phishing and ransomware attacks easier for criminals, allowing them to quickly script phony emails that ask for users’ login information and then gain access to their accounts.
To address these attacks, the report suggests companies collect less data from consumers, particularly when they don’t encrypt user data. Madnick also recommends more companies rely on end-to-end encryption tools.
Tech giants ranging from Microsoft and Apple to Meta (META), Google (GOOG, GOOGL), and others already offer varying forms of end-to-end encryption, ensuring only a person sharing data and the recipient can read it.