Ransomware is an increasingly common term in the news around the world. This is a cyberattack that seizes data for financial ransom and has grown exponentially in recent years.

According to the latest report, Ransomware Ecosystem Analysis, the rise of ransomware is driven by cybercriminal gangs operating like startups. They run a business model that includes multiple actors, marketing strategies and customer service, making it a self-sustaining industry built to get the most “sales”, i.e. attacks.

In this scenario, victims are considered “customers”. The ransomware industry is considered one of the most profitable in the world today.

In 2020 alone, these ransomware groups earned $692 million from mass attacks, nearly five times more than in the previous six years combined. Cybersecurity needs to be everywhere now.

The recent discovery of a guide from the Conti ransomware group showed that criminals provide playbooks for affiliates to implement chain attack tactics. The group has made, remarkably, more than $180 million from hacks since it was created in 2020.


Understanding how these groups operate is essential for reducing risk. Looking more closely at how they work, we highlight the six main attack vectors they use against their victims:

  1. Spear phishing: The most common method of entering organizations is spear phishing, in which cybercriminals send emails with malicious attachments or links to external websites that host malware. The malware used in these attacks is not the ransomware itself, but a trojan designed to download secondary and tertiary components. These additional malware components eventually lead to a ransomware payload.

  2. Remote Desktop Protocol: RDP instances, which allow users to access their desktops without being physically close to their computers, are another popular way for ransomware affiliates to target organizations. Because these instances are publicly exposed, attackers can use scripts to attempt to break into these systems by targeting weak passwords or using known default password combinations.

  3. Exploiting vulnerabilities: Software vulnerabilities play an important role in facilitating ransomware attacks through multiple avenues, including vulnerabilities used as part of malicious documents, vulnerabilities found in perimeter devices such as SSL-VPNs (Secure Sockets Layer Virtual Private Networks), and multiple vulnerabilities used to elevate privileges on an organization’s network.

  4. Buying access from IABs (Initial Access Brokers): IABs provide ransomware affiliates with a time-saving way to gain access to an already compromised organization. They do the reconnaissance and initial work using some of the vectors described above, from sending spear phishing emails to exploiting vulnerabilities to brute-forcing weak RDP systems. These efforts make the role of IABs invaluable in the ransomware ecosystem.

  5. Third-party compromise: Third parties provide an additional attack vector for ransomware. In July 2021, an affiliate of the REvil ransomware group exploited several zero-day vulnerabilities in the Virtual System Administrator (VSA) from Kaseya, a software developer, to target with ransomware the companies that partner with MSPs (managed service providers) to remotely manage their systems. A zero-day vulnerability is one that attackers find in a system or software before the developers are even aware of it.

  6. Hiring insiders within companies and governments: Despite this being highly publicized, ransomware groups have made open offers to members of organizations and government agencies to help facilitate ransomware attacks. In such cases, insiders are another type of affiliate. For example, the LockBit 2.0 ransomware group has offered “millions of dollars” to insiders who want to provide credentials for corporate email accounts, RDPs and VPNs, or infect their corporate devices with malware. More recently, in May of this year, the Conti ransomware group claimed to have insiders within the Costa Rican government who assisted in its attacks on the country.
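For the RDP vector in item 2, defenders can look for the password-guessing pattern in logon events. The following is an added example, not part of the original article: it scans a constructed, simplified export of Windows Security events and flags sources with a burst of failed remote logons. The CSV column names, the five-minute window and the threshold of five failures are assumptions.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (not real data): simplified export of Windows Security events.
# 4625 = failed logon, 4624 = successful logon. LogonType 10 is RemoteInteractive
# (RDP); RDP failures are logged as type 3 when Network Level Authentication is on.
SAMPLE_LOG = """time,event_id,logon_type,source_ip,user
2022-06-01T02:00:01,4625,3,203.0.113.7,administrator
2022-06-01T02:00:04,4625,3,203.0.113.7,admin
2022-06-01T02:00:09,4625,3,203.0.113.7,backup
2022-06-01T02:00:15,4625,3,203.0.113.7,administrator
2022-06-01T02:00:21,4625,3,203.0.113.7,backup
2022-06-01T02:00:30,4624,10,203.0.113.7,backup
2022-06-01T08:59:40,4625,10,198.51.100.20,jsmith
2022-06-01T09:00:02,4625,10,198.51.100.20,jsmith
2022-06-01T09:00:20,4624,10,198.51.100.20,jsmith
"""

def find_rdp_guessing(log_text, window=timedelta(minutes=5), threshold=5):
    """Flag source IPs with >= threshold failed remote logons inside the window.

    Rows are assumed to be in time order. Returns {ip: finding}.
    """
    recent = defaultdict(deque)  # ip -> (timestamp, user) of recent failures
    findings = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["logon_type"] not in ("3", "10"):
            continue  # not a network or RDP logon
        ts, ip = datetime.fromisoformat(row["time"]), row["source_ip"]
        failures = recent[ip]
        while failures and ts - failures[0][0] > window:
            failures.popleft()  # drop failures that fell out of the window
        if row["event_id"] == "4625":
            failures.append((ts, row["user"]))
            if len(failures) >= threshold:
                hit = findings.setdefault(ip, {"users": set(), "peak": 0, "success": None})
                hit["users"] |= {user for _, user in failures}
                hit["peak"] = max(hit["peak"], len(failures))
        elif row["event_id"] == "4624" and ip in findings and failures:
            # A success right after a burst suggests a guessed password.
            findings[ip]["success"] = findings[ip]["success"] or row["user"]
    return findings

if __name__ == "__main__":
    for ip, hit in find_rdp_guessing(SAMPLE_LOG).items():
        print(ip, hit["peak"], sorted(hit["users"]), "success:", hit["success"])
```

A flagged source with a recorded success is the case to triage first, since it points to an account whose password was guessed; the employee who mistyped a password twice in the sample stays below the threshold.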

With these main attack vectors of ransomware groups laid out, I would like to offer some valuable suggestions for basic protection of companies’ systems:

  • The first recommendation is to use multi-factor authentication for all accounts in your organization: ransomware groups purchase access to organizations through IABs that provide credentials, or exploit vulnerabilities that expose login credentials. By requiring multi-factor authentication, you automatically add another layer that ransomware attackers have to overcome.

  • Second, require the use of strong passwords for accounts: weak or default passwords make it easier for ransomware groups to access accounts. Make it difficult for attackers by ensuring that password requirements call for long, unusual words mixed with numbers and symbols.

  • The third piece of advice is to detect and fix vulnerable assets on your network in a timely manner: we know ransomware groups are adept at exploiting unpatched and legacy vulnerabilities, so organizations need to identify vulnerable assets in their network and apply existing patches.

Finally, implement security awareness training to educate your employees about common attack vectors: social engineering intrusions, including targeted phishing via email or social media.

With digital user trust and awareness training, employees will know how to identify common attack vectors used by cybercriminals and can thus play an important role in protecting their networks.


Source: Tec Mundo
