Report: Remote services exploits opening opportunities for ransomware attacks
Unpatched remote services have been the primary reason for ransomware attacks in the past year, according to Secureworks’ annual State of the Threat report.
The report claims exploitation of remote services was the reason for 52% of ransomware incidents analysed over the past year, overtaking credential-based access.
It says that cyber attackers are quick to adapt their tools to exploit new vulnerabilities, often before organisations have had the time to patch them.
Rafe Pilling, principal researcher for the Counter Threat Unit (CTU) at Secureworks, told Techinformed: “Threat actors are increasingly efficient at adopting publicly disclosed exploits for new vulnerabilities.”
He added: “In 2021 several high-profile exploits in popular products emerged and were used by threat actors to devastating effect. Where these vulnerabilities appear in the future they are likely to be quickly used. Where they are not available, criminals and nation-state groups will attempt to make use of phishing and other credential attacks to gain initial access to victim environments.”
Infostealers, a type of malware that efficiently gathers company data and credentials and sends them to the attacker, have also risen by 150%, making them a major enabler of ransomware operations.
According to the report, on a single day in June 2022, CTU researchers observed over two million credentials obtained by infostealers and made available for sale on an underground marketplace.
The research found that over the past year, ransomware has accounted for more than a quarter of all attacks.
This year’s biggest offenders based on Secureworks’ incident response engagements are ‘GOLD MYSTIC’, ‘GOLD BLAZER’, ‘GOLD MATADOR’, and ‘GOLD HAWTHORNE’ – all of which are tied to Russia.
The Computer Emergency Response Team of Ukraine (CERT-UA) reported a steady cadence of cyber activity directed against Ukrainian targets. Some of the activity is identifiably from Russian government-sponsored threat actors, the report reads.