The number of ransomware attacks is at an all-time high, which is alarming for all enterprises because it is impossible to patch every part of the attack surface to minimize the risks.
Most enterprises, regardless of industry, vertical, or size, are targets of cybercriminals today. Malicious actors are banking on infiltrating the network to deliver ransomware. These breaches can have a debilitating effect on business workflows and disrupt entire operations.
According to a report released by Verizon in 2022 titled “2022 Data Breach Investigations Report,” there was a 13% surge in the number of ransomware attacks in 2021. The surge was so steep that the numbers were higher than the last 5 years combined. Here are a few top trends and behaviors seen among cybercriminals:
Infiltrating the network through phishing, stolen passwords, Remote Desktop Protocol (RDP), and exploiting vulnerabilities
Phishing emails, exposed RDP services, and vulnerabilities in IT infrastructure are a few common vectors used by cybercriminals. The surge in remote working has increased the attack surface, which cybercriminals can exploit through these infection vectors to carry out a full-blown ransomware attack.
Increase in ransomware as a service (RaaS)
The underground business model of ransomware as a service is established and booming exponentially. Ransomware attackers hire third-party services to handle ransom negotiations and to help victims process the payments. Moreover, a few ransomware attackers run 24/7 support to facilitate the ransom payment process and restore the encrypted systems or data as quickly as possible.
Passing the victim’s information to fellow ransomware groups
Ransomware attackers have started sharing the target’s information with fellow groups to diversify the threat to the victim organization. The same Verizon report suggests that nearly 62% of the system intrusion patterns involved threat attackers compromising partners.
Mitigating ransomware attacks
Keep all the systems, applications and software updated
Enterprises can implement a process for frequent patching to minimize their exposure to cybersecurity threats. Frequently checking for updates and end-of-life (EOL) notifications is an efficient and cost-effective way to identify known exploited vulnerabilities and patch them in real time. It is essential to regularly patch the virtual machines (VMs), serverless applications, and third-party libraries on a cloud server to minimize the attack surface.
Reduce the use of RDP and other risky services, and track and secure them vigilantly
Enterprises can restrict access to the resources in the internal network and adopt virtual desktop infrastructure to minimize the risk. If the SecOps teams assess the risks and conclude that RDP is necessary for operations to run smoothly, organizations can adopt multi-factor authentication (MFA) to mitigate the risk of stolen and reused passwords. If an organization needs RDP externally, it is essential to implement a virtual private network (VPN), virtual desktop infrastructure, and MFA to establish a secure connection with the internal servers.
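One way to track RDP exposure as described above is to audit inbound firewall rules for any path to port 3389 that does not originate from the VPN. This is an added example, not part of the original article; the rule format, rule names, and VPN address range are constructed assumptions.

```python
import ipaddress

RDP_PORT = 3389

# Constructed sample data in a hypothetical, simplified rule format.
VPN_RANGES = ["10.8.0.0/16"]  # assumed address pool handed out by the corporate VPN
SAMPLE_RULES = [
    {"name": "rdp-from-vpn", "proto": "tcp", "ports": "3389", "source": "10.8.4.0/24"},
    {"name": "rdp-from-anywhere", "proto": "tcp", "ports": "3389", "source": "0.0.0.0/0"},
    {"name": "wide-port-range", "proto": "tcp", "ports": "3000-4000", "source": "203.0.113.0/24"},
    {"name": "https-public", "proto": "tcp", "ports": "443", "source": "0.0.0.0/0"},
    {"name": "all-traffic-partner", "proto": "any", "ports": "any", "source": "198.51.100.7/32"},
    {"name": "udp-rdp-vpn", "proto": "udp", "ports": "3389", "source": "10.8.0.0/16"},
]

def covers_rdp(rule):
    """True if the rule admits traffic to port 3389 (RDP uses TCP and UDP)."""
    if rule["proto"] not in ("tcp", "udp", "any"):
        return False
    if rule["ports"] == "any":
        return True
    # Ports may be a comma-separated list of single ports or low-high ranges,
    # so a broad range can expose RDP without ever naming 3389.
    for part in rule["ports"].split(","):
        low, _, high = part.strip().partition("-")
        if int(low) <= RDP_PORT <= int(high or low):
            return True
    return False

def source_inside_vpn(source, vpn_ranges):
    """True only if the whole source network lies inside one VPN range."""
    net = ipaddress.ip_network(source, strict=False)
    for cidr in vpn_ranges:
        vpn = ipaddress.ip_network(cidr)
        if net.version == vpn.version and net.subnet_of(vpn):
            return True
    return False

def audit_rdp_exposure(rules, vpn_ranges):
    """Return names of rules that let RDP in from outside the VPN ranges."""
    return [r["name"] for r in rules
            if covers_rdp(r) and not source_inside_vpn(r["source"], vpn_ranges)]

if __name__ == "__main__":
    for name in audit_rdp_exposure(SAMPLE_RULES, VPN_RANGES):
        print("RDP reachable from outside the VPN:", name)
```

Rules flagged here are candidates for removal or for narrowing to the VPN range; the check says nothing about whether MFA is enforced on the sessions that remain.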
Implementing MFA for necessary processes such as access to webmail, VPNs, critical systems, and privileged accounts that manage backups will mitigate the threats. CISOs should consider reviewing the security postures of the vendors that are connected to the organization’s network. It is crucial to design and implement a process to continuously monitor third-party vendor connections, applications, and hardware for any suspicious activity.