IBM Report: Ransomware, Malicious Insiders On The Rise

Published: 22/11/2024   Category: security




X-Force's list of the top four cyber threat trends also names upper management's increasing interest in infosec.



Ransomware and malicious insiders are on the rise, upper management is showing greater interest in infosec, and organizations actually have a reason to be grateful to script kiddies, according to a new threat intelligence report from IBM X-Force.
Ransomware rising
Ransomware like CryptoWall has become one of the top mobile threats, in addition to desktop threats. It's been found wrapped into a variety of exploit kits -- the Angler EK alone generated $60 million from ransomware -- and has been seen spreading through malvertising campaigns.
IBM X-Force, however, states the top infection vector was simply unpatched vulnerabilities. "A well-known infection vector of ransomware can exploit unpatched operating system vulnerabilities to give attackers access to the system resources they want to lock or the data they want to encrypt," according to the report. After unpatched vulnerabilities, drive-by downloads and spearphishing, respectively, were the leading attack vectors.
To defend against, recover from, and mitigate the effects of ransomware, X-Force recommends creating and testing back-ups thoroughly; conducting better user training; using software designed to catch anomalies related to binaries, processes and connections which can also help identify many kinds of malware, ransomware included; and using file recovery software, professional services, or Microsoft Windows Volume Shadow Copy Service to try to recover files that the ransomware has copied/deleted or encrypted.
Onion-layered incidents
By "onion-layered incidents" IBM X-Force is not referring at all to onion routing. It is referring to detected security incidents that lead forensic investigators to discover evidence of hitherto undetected attacks.
X-Force witnessed a new trend in which stealthy, sophisticated attacks were discovered during forensic investigations into simple, unsophisticated attacks. Attackers who'd been lurking within a network for months were not detected until investigators stumbled across them while investigating an attack by a script kiddie.
"Were it not for the disruptive event caused by the script kiddies, the client might never have noticed anything wrong," the report said.
The common trait in scenarios like this, said researchers, is that the compromised organizations were running old operating system versions that hadn't been patched in a long time.
Malicious insiders
Malicious insiders are abusing remote administration tools, and organizations are making those attackers' work easier by following bad password policies, conducting insufficient logging, and failing to revoke employees' credentials immediately after they leave the company.
"The common thread is that accountability was not enforced. ... Knowledge can’t be stripped from an employee leaving an organization, but there are ways to minimize the risk of that knowledge being used for malicious purposes," the report said.
X-Force found that in the organizations most prone to insider attacks, passwords were routinely set to never expire, password sharing between team members was not discouraged, admin accounts were shared, and user credentials were not immediately revoked when an employee was terminated or left the company.
As a result, ex-employees with ill will toward former employers held powerful weapons they could use to express their resentment. They simply needed a way to get back into the network.
The most common method, according to IBM: "In most malicious insider attacks we’ve seen, the disgruntled employee typically prepared for departure by installing remote administration tools such as LogMeIn or TeamViewer for access to the employer’s network."
X-Force recommends that security teams that suspect or detect the unauthorized use of remote administration tools block access to the master servers of these tools.
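The account-hygiene gaps and remote-tool use described above can be checked from a directory export, logon records and DNS logs. The following is an added example, not code from the IBM report: the field names, sample records, host names, dates and the domain watchlist are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data; field names are assumptions about a directory export.
ACCOUNTS = [
    {"user": "alice", "enabled": True, "pw_never_expires": False, "left": None},
    {"user": "bob", "enabled": True, "pw_never_expires": True, "left": date(2015, 10, 2)},
    {"user": "carol", "enabled": False, "pw_never_expires": False, "left": date(2015, 9, 1)},
    {"user": "admin", "enabled": True, "pw_never_expires": True, "left": None},
]
LOGONS = [("admin", "ws-01"), ("admin", "ws-07"), ("admin", "ws-12"),
          ("alice", "ws-03"), ("bob", "ws-05")]          # (account, source host)
DNS = [("ws-05", "router.teamviewer.com"), ("ws-03", "intranet.example.test"),
       ("ws-07", "secure.logmein.com"), ("ws-01", "notteamviewer.com.example.test")]
REMOTE_TOOL_DOMAINS = ("teamviewer.com", "logmein.com")  # assumed watchlist

def audit_accounts(accounts, today):
    """Flag enabled accounts of departed staff and non-expiring passwords."""
    findings = []
    for a in accounts:
        if not a["enabled"]:
            continue
        if a["left"] is not None and a["left"] <= today:
            findings.append((a["user"], "enabled after departure"))
        if a["pw_never_expires"]:
            findings.append((a["user"], "password never expires"))
    return findings

def shared_accounts(logons, max_hosts=2):
    """Accounts used from more than max_hosts source hosts (likely shared)."""
    hosts = defaultdict(set)
    for account, host in logons:
        hosts[account].add(host)
    return sorted(acc for acc, h in hosts.items() if len(h) > max_hosts)

def remote_tool_lookups(dns, domains=REMOTE_TOOL_DOMAINS):
    """Hosts resolving a watched domain or any subdomain of it."""
    hits = []
    for host, name in dns:
        name = name.lower().rstrip(".")
        if any(name == d or name.endswith("." + d) for d in domains):
            hits.append((host, name))
    return hits

if __name__ == "__main__":
    for finding in audit_accounts(ACCOUNTS, date(2015, 11, 16)):
        print(finding)
    print(shared_accounts(LOGONS))
    print(remote_tool_lookups(DNS))
```

The suffix match requires a leading dot, so a look-alike name that merely contains a watched domain is not reported as a hit.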
Upper management interest
The average cost of a data breach in the United States was $6.53 million, according to a study by the Ponemon Institute and sponsored by IBM. Numbers like this have gotten the attention of upper management, say researchers. 
What is management asking its security teams for more of? Enterprise risk assessment, incident response, and tabletop exercises like stress tests and cross-functional reviews are top of the list.
