Corvus Insurance: VPN Attacks Drive Surge in Ransomware

Share
Corvus has released its Q3 cyber threat report
Corvus’ Q3 cyber threat report reveals VPN vulnerabilities account for 28.7% of incidents, as RansomHub emerges as leading threat actor

Vulnerabilities in virtual private networks (VPNs) have become the primary vector for ransomware attacks, accounting for nearly 30% of incidents in the third quarter of 2024, according to research from Corvus Insurance.

The Boston-based insurtech firm, which provides data-driven cyber insurance products and is owned by The Travelers Companies, reports that attackers are exploiting basic security oversights in VPN implementations - systems that create encrypted connections between remote users and corporate networks.

Basic security failures

The research identifies that many breaches stem from organisations using elementary username combinations such as 'admin' or 'user', whilst failing to implement multi-factor authentication - a security process requiring users to verify their identity through multiple methods.

Jason Rebholz, Chief Information Security Officer at Corvus

“Attackers are focused on finding the path of least resistance into a business to launch an attack, and in Q3 that entry point was the VPN,” says Jason Rebholz, Chief Information Security Officer at Corvus. “As we look forward, businesses must strengthen defences with multi-layered security approaches that extend beyond MFA. Today, MFA is mere table stakes and must be complemented with secure access controls capable of shoring up these current and future areas of vulnerability.”

Ransomware ecosystem evolution

The report documents 1,257 ransomware attacks in Q3, maintaining similar levels to the previous quarter's 1,248 incidents. Five major cybercriminal groups – RansomHub, PLAY, LockBit 3.0, MEOW and Hunters International – were responsible for 40% of these attacks.

Youtube Placeholder

RansomHub, which emerged in February 2024 following law enforcement's disruption of the LockBit operation, has become a significant threat actor. The group's victim count increased by 160% from Q2 to Q3, reaching 195 reported cases. This growth coincided with a decline in LockBit 3.0's activities, which fell from 208 to 91 victims.

The overall ransomware landscape has expanded to include 59 distinct groups by the end of Q3, highlighting the distributed nature of cyber threats. RansomHub's rapid rise to prominence demonstrates how quickly new entrants can establish themselves, with the group claiming more than 290 victims across various sectors in 2024.

Key facts
  • VPN vulnerabilities accounted for 28.7% of all ransomware attacks in Q3 2024, making them the leading attack vector.
  • Total ransomware incidents reached 1,257 in Q3 2024, with five major groups responsible for 40% of all attacks.
  • RansomHub's victim count increased 160% from Q2 to Q3 2024, reaching 195 reported cases, while LockBit 3.0 declined from 208 to 91 victims.
  • Construction sector attacks rose 7.8% to 83 incidents in Q3, while healthcare saw a 12.8% increase to 53 reported victims.

Sector-specific impact

Construction firms continue to face the highest number of attacks, with 83 reported incidents in Q3 - a 7.8% increase from Q2's 77 cases. The healthcare sector experienced a 12.8% rise in attacks, with reported victims increasing from 42 to 53.

Jason Rebholz from Corvus emphasises the need for enhanced security measures: “As we look forward, businesses must strengthen defences with multi-layered security approaches that extend beyond MFA. Today, MFA is mere table stakes and must be complemented with secure access controls capable of shoring up these current and future areas of vulnerability.”


Make sure you check out the latest industry news and insights at InsurTech and be part of the conversation at our global conference series, FinTech LIVE.

Discover all our upcoming events and secure your tickets today. 


InsurTech is a BizClik brand

Share

Featured Articles

US Bank and One Inc Unite to Reshape Insurance Payments

Move aims to streamline claims processing through digital network, as insurers seek to modernise transaction systems amid rising digital payment adoption

Insurance Software Provider Fadata Expands Global Presence

Fadata opens offices in Malaysia and Peru as part of global growth strategy to deliver 24/7 support for insurance clients using its INSIS core platform

Top 10: Sustainability Leaders in InsurTech

This week's top 10 shines a spotlight on some of the insurance world's most sustainable practitioners, including execs from Convex, Previsico and Allianz

Allianz: Insurers Focus on Growth Despite Compliance Hurdles

Digital Strategy

Insurers Face Legacy System Exodus as Climate Risk Grows

Technology & AI

Study: Cyber Breach Recovery Times Exceed Insurance Coverage

Technology & AI