Escalating Ransomware Diminishes Organizations' Confidence


By Greg Tavarez

Ransomware is an escalating problem. It halted operations of Toyota factories in Japan for 24 hours in February. It forced Lincoln College, a 157-year-old school, to close its doors in May. It also forced Costa Rica to declare a state of emergency in May. These are only a few of the countless organizations that have been impacted by ransomware attacks.

Those incidents are concerning because organizations of all sizes are at risk. What’s even more concerning is that, according to SpyCloud’s “2022 Ransomware Defense Report,” 90% of organizations were affected by ransomware in some capacity over the past 12 months, an increase from 2021’s 72.5%. Conversely, the number of companies that have not been hit by ransomware dropped from almost 30% in 2021 to 10% in 2022. In addition, there’s been an uptick in the number of companies experiencing multiple attacks:

  • 50% were hit two to five times in the past year, compared to 33.5% the previous year.
  • More than three-fourths of those were hit between two times and 10-plus times in the past year, compared to nearly 52% the year before.

These numbers correlate with an across-the-board decline in organizations' confidence in ransomware mitigation solutions. Companies realize threats slipped through their defenses, which is forcing them to upgrade or add new security measures.

The three main vectors ransomware slipped through, according to the organizations, are unpatched vulnerabilities, phishing emails and unmanaged devices. Exploiting unpatched vulnerabilities is a commonly known tactic used by bad actors.

When it comes to concerns with phishing, most thought of RedLine Stealer, one of the more widely used infostealers for Windows devices, often distributed through phishing campaigns. Stolen data included stored passwords, browser fingerprints and session cookies, which threat actors use to log into corporate applications and systems, bypassing MFA, to launch a ransomware attack.

Unmanaged devices are a cause for concern because there is a lack of visibility. These devices cannot be monitored for threats such as malware and third-party application exposures.

“Organizations are right to be concerned about unwitting insider threats — their cybersecurity measures are failing to close gaps that are leading to ransomware attacks,” said SpyCloud CEO and co-founder Ted Ross. “Organizations may not be aware that undetected malware infections on personal devices represent the riskiest of those gaps.”

Malware infections are more widespread than many organizations realize. Through analysis of botnet logs recaptured in 2022, SpyCloud researchers identified over 6 million malware-infected devices with application credentials siphoned. On average, in 2022, SpyCloud researchers found as many as 156 million siphoned application login credentials.

“Effective ransomware prevention strategies must focus on the entry points security teams can’t see – the cloaked attack surface that includes third-party applications and unmanaged machines outside their standard monitoring purview,” said Ross. “A single malware-infected device can compromise hundreds of corporate applications.”

Given how ransomware operates, the defense solutions in place among surveyed organizations are data backup, MFA, user awareness training, network/resource segmentation, email security, and patching and secure configuration management. These solutions show that the primary focus for security teams is on stopping malware and its related entry points while also preparing to restore and recover data when an incident inevitably takes place.

Edited by Erik Linask

MSPToday Editor
