Escalating Ransomware Diminishes Organizations' Confidence

Escalating Ransomware Diminishes Organizations' Confidence

By Greg Tavarez

Ransomware is an escalating problem. It halted operations of Toyota factories in Japan for 24 hours in February. It forced Lincoln College, a 157-year-old school, to close its doors in May. It also forced Costa Rica to declare of state of emergency in May. These are only a few of the countless organizations that have been impacted by ransomware attackes.

Those incidents are concerning because organizations of all sizes are at risk. What’s even more concerning is that, according to SpyCloud’s “2022 Ransomware Defense Report,” 90% of organizations were affected by ransomware in some capacity over the past 12 months, an increase from 2021’s 72.5%. Conversely, the number of companies that have not been hit by ransomware dropped from almost 30% in 2021 to 10% in 2022. In addition, there’s been an uptick in the number of companies experiencing multiple attacks:

  • 50% were hit two to five times in the past year, compared to 33.5% the previous year.
  • More than three-fourths of those were hit between two times and 10-plus times in the past year, compared to nearly 52% the year before.

These numbers correlate with the feeling across the board among organizations that confidence in ransomware mitigation solutions is decreasing. Companies realize threats slipped through their defenses, which is forcing those companies to upgrade or add new security measures.

The three main vectors ransomware slipped through, according to the organizations, are unpatched vulnerabilities, phishing emails and unmanaged devices. Unpatched vulnerabilities are a commonly known tactic used by bad actors.

When it comes to concerns with phishing, most thought of RedLine Stealer, one of the more widely used infostealers for Windows devices often distributed through phishing campaigns. Stolen data included stored passwords, browser fingerprints and session cookies, which threat actors use to log into corporate applications and systems, bypassing MFA, to launch a ransomware attack

Unmanaged devices are a cause for concern because there is a lack of visibility. These devices cannot be monitored for threats such as malware and third-party application exposures.

“Organizations are right to be concerned about unwitting insider threats — their cybersecurity measures are failing to close gaps that are leading to ransomware attacks,” said SpyCloud CEO and co-founder Ted Ross. “Organizations may not be aware that undetected malware infections on personal devices represent the riskiest of those gaps.”

Malware infections are more widespread than many organizations realize. Through analysis of botnet logs recaptured in 2022, SpyCloud researchers identified over 6 million malware-infected devices with application credentials siphoned. On average, in 2022, SpyCloud researchers found as many as 156 million siphoned application login credentials.

“Effective ransomware prevention strategies must focus on the entry points security teams can’t see – the cloaked attack surface that includes third-party applications and unmanaged machines outside their standard monitoring purview,” said Ross. “A single malware-infected device can compromise hundreds of corporate applications.”

Given how ransomware operates, defense solutions in place among surveyed organizations are data backup, MFA, user awareness training, network/resource segmentation, email security and patching and secure configuration management. These solutions show the primary focus for security teams is on stopping malware and its related entry points while also preparing to restore and recover data when an incident inevitably takes place.




Edited by Erik Linask
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

SHARE THIS ARTICLE
Related Articles

Produce8 App Update: Slash Unproductive Meetings, Boost MSP Efficiency

By: Greg Tavarez    4/25/2024

Produce8 launched a major update to its flagship application designed to provide MSPs and their clients with unmatched insights into how meetings affe…

Read More

MSP Expo Gold Sponsor ThreatLocker Strengthens Zero Trust Focus with $115M Series D Funding

By: Greg Tavarez    4/25/2024

ThreatLocker's recent announcement of a $115 million Series D funding round only highlights further the increasing demand for better endpoint protecti…

Read More

BreachRx Secures $6.5M Seed Funding

By: Stefania Viscusi    4/24/2024

BreachRx closed a $6.5 million seed round, led by SYN Ventures, with additional support from Overline.

Read More

Bigleaf Networks and NHC Partner to Optimize the Edge

By: Greg Tavarez    4/24/2024

New Horizon Communications Corp. (NHC) entered a strategic collaboration with Bigleaf Networks to offer network communications services to organizatio…

Read More

Secure the Everywhere Work Landscape: Ivanti Launches EASM and Platform Upgrades

By: Greg Tavarez    4/24/2024

The recently released Ivanti Neurons for External Attack Surface management, or EASM, helps combat attack surface expansion with full visibility of ex…

Read More