There's No Ceiling: Ransomware's Alarming Growth Signals a New Era, Verizon DBIR Finds

Published: 23/11/2024   Category: security




Ransomware has become so efficient, and the underground economy so professional, that traditional monetization of stolen data may be on its way out.



The past year has seen a staggering acceleration in ransomware incidents, with 25% of all breaches containing a ransomware component.
That's the top-line finding in the 2022 Verizon Data Breach Investigations Report (DBIR), which found that ransomware events in conjunction with breaches ballooned 13% in the past year — last year's report found that just 12% of incidents were ransomware-related. That translates into a rate of increase that's more than the previous five years of growth combined.
The 15th annual DBIR analyzed 23,896 security incidents, of which 5,212 were confirmed breaches. About four in five of those were the handiwork of external cybercriminal gangs and threat groups, according to Verizon. And according to Alex Pinto, manager of the Verizon Security Research team, these nefarious types are finding it easier and easier to earn an ill-gotten living with ransomware, making other types of breaches increasingly obsolete.
"Everything in cybercrime has become so commoditized, so much like a business now, and it's just too darn efficient of a methodology for monetizing their activity," he tells Dark Reading, noting that with the emergence of ransomware-as-a-service (RaaS) and initial-access brokers, it takes very little skill or effort to get into the extortion game.
"Before, you had to get in somehow, look around, and find something worth stealing that would have a reseller on the other end," he explains. "In 2008 when we started the DBIR, it was by and large payment-card data that was stolen. Now, that has fallen precipitously because they can just pay for access someone else established and install rented ransomware, and it's so much simpler to reach the same goal of getting money."
A corollary to this story is that any and every organization is a target — companies no longer need to have something worth stealing in the way of highly sensitive data to fall in the cybercrime crosshairs. That means that small- and midmarket organizations should beware, Pinto said, as well as very small, mom-and-pop organizations.
"You don't have to go for the big guys anymore," Pinto said. "In fact, going for the big guys might be counterproductive because those folks usually have their ducks more in a row as far as defenses. If a business has a handful of computers and they care about their data, you're potentially going to make a few bucks out of them."
Put into a different context, the DBIR found that around 40% of data breaches are due to the installation of malware, he said (what Verizon refers to as system intrusions), and the rise in RaaS has led to 55% of those specific breach incidents involving ransomware.
"Our concern is that really, there's no ceiling here," Pinto says. "I think we're not convinced anymore that it's going to stop — unless someone comes up with something that's even more efficient. I cannot imagine what that would be, but maybe this is why I'm not in the organized crime business."
The fallout from the infamous SolarWinds supply-chain hack blew far and wide over the course of the year, with the software updates vector pushing the partner breach category up to being responsible for 62% of system-intrusion incidents (including ransomware incidents) — and that's way, way up, from a negligible 1% in 2020.
Pinto noted that despite the headlines and the interest in incidents like SolarWinds (and others, such as the Kaseya-related ransomware attacks), dealing with supply-chain breaches doesn't require an operational overhaul for most businesses.
Protecting against the fallout of a supply-chain breach if you were one of the affected customers is not so different from protecting from several other types of malware, because your servers are beaconing out to somewhere they shouldn't be. If you're a CISO, the techniques you use should be fairly similar to the ones you already use because, quite frankly, trying to go after every single software supplier you have to try to make them secure will make you insane. It's a very big lift.
In examining the entry paths for breaches, Pinto noted that attacks can reliably be boiled down to four different (and familiar) avenues: the use of stolen credentials; social engineering and phishing; vulnerability exploits; and the use of malware.
"The one thing when you close this report to do is, go look at those four things in your environment and what controls you have for them," Pinto says.
When it comes to ransomware-related breaches in particular, 40% of incidents analyzed involved the use of desktop sharing software such as Remote Desktop Protocol. And 35% involved the use of email (phishing, mostly).
"Locking down your external-facing infrastructure, especially RDP and emails, can go a long way toward protecting your organization against ransomware," Pinto says.
It's worth noting that overall, 82% of all breaches analyzed by Verizon relied on human error (misconfigurations, for example, accounting for 13% of breaches) or interaction (phishing, social engineering, or stolen credentials). Artur Kane, vice president of product at GoodAccess, says that this indicates a few best practices to take a look at.
First, there are the technical solutions, such as requiring multifactor authentication (MFA) and network segmentation by access privileges, along with implementing real-time threat detection capability, keeping continuous access logs, and running regular backups.
"However, security administrators also need to have solid response and recovery plans in place for these occurrences, and should conduct regular trainings and drills," Kane says. "[And] user training can greatly contribute to improving the overall company security posture. As a large part of ransomware attacks opens with a phishing lure, training employees in how to spot them can save millions of dollars in later breach recovery."