CL0P favours identifying a weak spot in organisational supply chains (preferably facilitating file transfer / storage), developing an exploit, and subsequently performing mass-exploitation over the following month/s, and the numbers show that this is indeed highly effective. Going forward, we can expect this activity to persist as it has evidently proven to be profitable for the ransomware group, particularly in June and July with the collective victim count of 261 likely enabling them to have their subsequent four-month break. Therefore, it is prudent for organisations of any sector to consider their third-party security posture and the exploitability of their supply chain, to avoid becoming a victim of CL0P’s likely future excursion into the supply chain.
Sectors Targeted In 2023, CL0P’s most targeted sectors were Industrials with 108 attacks (27% of their total for the year), followed by Technology with 80 (20% of the total), and finally Financials in third with 67 (17% of the total). Note that, unlike other threat actors in the ransomware threat landscape, CL0P’s targeted sectors are likely more circumstantial than those of other groups, as their victims will be those organisations that use the device that they are targeting.
In this case, Industrials will certainly be the most targeted due to the sheer quantity of varying industries that reside within, meaning a greater percentage of organisations using these devices will exist within the Industrials sector. Industries Targeted In terms of CL0Ps most targeted industries, in first is Professional & Commercial Services with 67 cases (16% of their total for the year), followed by Software & IT Services in second with 61 (15% of the total), and finally Banking Services with 33 (8% of the total).
49
Made with FlippingBook - PDF hosting