The past year has seen a staggering acceleration in ransomware incidents, with 25% of all breaches containing a ransomware component.

That’s the top-line finding in the 2022 Verizon Data Breach Investigations Report (DBIR), which found that ransomware events in conjunction with breaches ballooned 13% in the past year - last year’s report found that just 12% of incidents were ransomware-related. That translates into a rate of increase that’s more than the previous five years of growth combined.

The 15th annual DBIR analyzed 23,896 security incidents, of which 5,212 were confirmed breaches. About four in five of those were the handiwork of external cybercriminal gangs and threat groups, according to Verizon. And according to Alex Pinto, manager of the Verizon Security Research team, these nefarious types are finding it easier and easier to earn an ill-gotten living with ransomware, making other types of breaches increasingly obsolete.

“Everything in cybercrime has become so commoditized, so much like a business now, and it’s just too darn efficient of a methodology for monetizing their activity,” he tells Dark Reading, noting that with the emergence of ransomware as-a-service (RaaS) and initial-access brokers, it takes very little skill or effort to get into the extortion game.

“Before, you had to get in somehow, look around, and find something worth stealing that would have a reseller on the other end,” he explains. “In 2008 when we started the DBIR, it was by and large payment-card data that was stolen. Now, that has fallen precipitously because they can just pay for access someone else established and install rented ransomware, and it’s so much simpler to reach the same goal of getting money.”

A corollary to this story is that any and every organization is a target - companies no longer need to have something worth stealing in the way of highly sensitive data to fall in the cybercrime crosshairs. That means that small- and midmarket organizations should beware, Pinto said, as well as very small, mom-and-pop organizations.

“You don’t have to go for the big guys anymore,” Pinto said. “In fact, going for the big guys might be counterproductive because those folks usually have their ducks more in a row as far as defenses. If a business has a handful of computers and they care about their data, you’re potentially going to make a few bucks out of them.”

Put into a different context, the DBIR found that around 40% of data breaches are due to the installation of malware, he said (what Verizon refers to as system intrusions), and the rise in RaaS has led to 55% of those specific breach incidents involving ransomware.

“Our concern is that really, there’s no ceiling here,” Pinto says. “I think we’re not convinced anymore that it’s going to stop - unless someone comes up with something that’s even more efficient. I cannot imagine what that would be, but maybe this is why I’m not in the organized crime business.”

The SolarWinds Effect

The fallout from the infamous SolarWinds supply-chain hack blew far and wide over the course of the year, with the “software updates” vector pushing the “partner breach” category up to being responsible for 62% of system-intrusion incidents (including ransomware incidents) - and that’s way, way up, from a negligible 1% in 2020.

Pinto noted that despite the headlines and the interest in incidents like SolarWinds (and others, such as the Kaseya-related ransomware attacks), dealing with supply-chain breaches doesn’t require an operational overhaul for most businesses.

“Protecting against the fallout of a supply-chain breach if you were one of the affected customers is not so different from protecting from several other types of malware, because your servers are beaconing out to somewhere they shouldn’t be. If you’re a CISO, the techniques you use should be fairly similar to the ones you already use because, quite frankly, trying to go after every single software supplier you have to try to make them secure will make you insane. It’s a very big lift.”

Where to Start on Ransomware Defense

In examining the entry paths for breaches, Pinto noted that attacks can reliably be boiled down to four different (and familiar) avenues: the use of stolen credentials; social engineering and phishing; vulnerability exploits; and the use of malware.

“The one thing when you close this report to do is, go look at those four things in your environment and what controls you have for them,” Pinto says.

When it comes to ransomware-related breaches in particular, 40% of incidents analysed involved the use of desktop sharing software such as Remote Desktop Protocol. And 35% involved the use of email (phishing, mostly).

“Locking down your external-facing infrastructure, especially RDP and emails, can go a long way toward protecting your organization against ransomware,” Pinto says.