October 10, 2023 at 04:33AM
A study conducted by Secureworks revealed that cyber attackers are now deploying ransomware within 24 hours of gaining initial access to a victim’s environment. In nearly two-thirds of cases, ransomware was deployed within a day, and in over 10% of incidents, it was deployed within five hours. This marks a significant decrease from previous years, indicating that cybercriminals are working faster due to improved detection technologies and the rise of ransomware-as-a-service (RaaS) models. The top three methods used by attackers to gain initial access were vulnerability-scanning tools, stolen credentials, and malware distributed via phishing emails. It is crucial for organizations to prioritize basic cyber hygiene and not fall prey to hype when it comes to cybersecurity.
Key takeaways from the meeting notes:
1. The time between cyber attackers gaining initial access and deploying ransomware has decreased to 24 hours, with nearly two-thirds of attacks deploying ransomware within a day.
2. The average dwell time has dropped to 24 hours in 2023, down from 4.5 days in 2022 and 5.5 days the year before.
3. Double extortion scenarios, where data exfiltration occurs before ransomware deployment, can lead to longer dwell times.
4. Detection technologies and the popularity of the ransomware-as-a-service (RaaS) model have forced cybercriminals to work quickly and carry out less complex attacks.
5. LockBit is the most prolific ransomware group in 2023, followed by BlackCat.
6. Vulnerability scanning tools and stolen credentials are the main access vectors for ransomware attacks. Infostealer activity and phishing emails with malware are also common methods.
7. Basic cyber hygiene and patching infrastructure are crucial for protection against ransomware attacks.
Full Article – https://ift.tt/7KaqAZn