Remote services are becoming an attractive target for ransomware

News
By published

Remote services are now the number one initial access vector, report claims

ID theft
Image credit: Pixabay (Image credit: Future)

Stolen credentials are no longer the number one initial access vector for ransomware operators looking to infect a target network and its endpoints - instead, they’ve become more interested in exploiting vulnerabilities found in internet-facing systems. 

A report from Secureworks claims ransomware-as-a-service developers are quick to add newly discovered vulnerabilities into their arsenals, allowing even less competent hackers to exploit them swiftly, and with relative ease.

In fact, the company's annual State of the Threat Report reveals that flaw exploitation in remote services accounted for 52% of all ransomware incidents the company analyzed over the last 12 months. 

Biggest threat to businesses

Besides remote services, Secureworks also spotted a 150% increase in the use of infostealers, which became a “key precursor” to ransomware. Both these factors, the report stresses, kept ransomware as the number one threat for businesses of all sizes, “who must fight to stay abreast of the demands of new vulnerability prioritization and patching”. 

All things considered, ransomware is still the biggest threat for businesses. It takes up almost a quarter of all attacks that were reported in the last 12 months, Secureworks says, and despite law enforcement being actively involved, operators remained highly active.

Read more

> What is ransomware and how does it work?

> This new Royal ransomware is already asking for millions

> These are the best servers for small businesses right now

This year, on average, it took a company four and a half days to spot a ransomware attack, down from five days last year. Mean dwell time was cut in half, though, from 22 days in 2021, to 11 days this year. Victims have roughly a week to respond and mitigate any potential damage, Secureworks added.

The number of compromised companies, whose names ended up on the hackers’ leak sites remains high, growing from 1,170 in the first six months of 2021, to 1,307 for the same period this year. 

The company listed GOLD MYSTIC as one of its biggest offenders. This is a group that uses LockBit and was adding an average of 70 victim names a month to its leak site, since July 2021.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
ransomware avast
“Every organization is vulnerable” - ransomware dominates security threats in 2024, so how can your business stay safe?
Ransomware attack on a computer
Ransomware attacks surged in 2024 as hackers looked to strike faster than ever
ransomware avast
AI is helping hackers get access to systems quicker than ever before
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
More reports claim 2024 was the worst year for ransomware attacks yet
A digital representation of a lock
Exploits on the rise: How defenders can combat sophisticated threat actors
Best email services: image of email with one unread message alert
Over 400 million unwanted and malicious emails were received by businesses in 2024
Latest in Security
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Oracle
Oracle denies data breach after hacker claims to hold six million records
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Latest in News
A phone showing a ChatGPT app error message
ChatGPT is down for many – here's what's going on
AirPods Max with USB-C in every color
Apple's AirPods Max with USB-C will get lossless audio in April, but you'll need to go wired
A woman sitting in a chair looking at a Windows 11 laptop
It looks like Microsoft might have thought better about banishing Copilot AI shortcut from Windows 11
US flags
US government IT contracts set to be centralized in new Trump order
Tesla Roadster 2
Tesla is still taking deposits on its long overdue Roadster, despite promising it would arrive in 2020
Samsung HW-Q990D soundbar with Halloween theme over the top
Samsung promises to repair soundbars bricked by its disastrous software update for free – but it'll probably involve shipping
More about security
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol

Coinbase targeted after recent Github attacks
Oracle

Oracle denies data breach after hacker claims to hold six million records
Half man, half AI.

Ensuring your organization uses AI responsibly: a how-to guide
See more latest