by Eric Wesley

The costs and demand requests associated with ransomware are skyrocketing as the number of attacks rise. Infosecurity Magazine projects that ransomware damages will exceed $30 billion worldwide in 2023.

Nearly half of all data breaches during the first six months of 2022 involved stolen credentials.

Switzerland-based cybersecurity company Acronis reported in its 2022 mid-year cyberthreat report that nearly half of all data breaches during the first six months of 2022 involved stolen credentials.

Three Common Entry Points

The report identified three ways that bad actors gained access for the breaches.

1. Malicious Emails. To obtain stolen credentials, cybercriminals launched some 600 malicious email campaigns, 58% of which were phishing emails and 28% contained malware.
2. Cloud-Based Network Vulnerabilities. “As reliance on the cloud increases, attackers have homed in on different entryways to cloud-based networks,” say report authors. Cybercriminals seek unpatched software or other vulnerabilities to extract data, noting an increased focus on Linux operating systems and managed service providers and their networks of SMB customers.
3. Non-Traditional Entry Points. In a departure from prior “entry” practices, cybercriminals also use “non-traditional entry avenues” such as cryptocurrencies and decentralized finance systems.

Ransomware attacks continue to be the number one threat to large and medium-sized businesses, including government organizations.

Report authors opine: “Increasing complexity in IT continues to lead to breaches and compromises highlighting the need for more holistic approaches to cyber-protection.” They suggest that the “current cybersecurity threat landscape requires a multi-layered solution that combines anti-malware, EDR, DLP, email security, vulnerability assessment, patch management, RMM, and backup capabilities all in one place.”

The report concludes that such attacks “continue to be the number one threat to large and medium-sized businesses, including government organizations.”

Organizations Must Be Vigilant

No environment can be completely impervious to a ransomware attack. Awareness and vigilance, however, can reduce the severity and harm such attacks cause.

Key steps include:

• Staying up to date on the evolving threat landscape
• Analyzing the business impact of losing critical data
• Assessing internal and external readiness
• Reviewing and testing Incident Response Plans
• Identifying exposed assets
• Securing cloud workloads

REFERENCES

Acronis | Acronis Cyber Protection Operations Centers Report: Ransomware Dominates Threat Landscape | https://dl.acronis.com/u/rc/White-Paper-Acronis-Cyber-Protect-Cloud-Cyberthreats-Report-Mid-year-2022-EN-US-220811.pdf

Infosecurity Magazine | Global Ransomware Damages to Exceed $30bn by 2023 | 29 Aug 2022 | https://www.infosecurity-magazine.com/news/ransomware-exceed-30bn-dollars-2023/