The alarming growth of Ransomware as a Service heralds a new era, according to Verizon DBIR.
Ransomware occurrences have increased dramatically in the last year, with 25 percent of all breaches involving a ransomware-as-a-service component. The top-line finding of the Verizon Data Breach Investigations Report (DBIR) for 2022 is that ransomware events in combination with breaches have increased by 13% in the last year; only 12% of incidents were ransomware-as-a-service-related last year. That’s a faster rate of growth than the preceding five years put together.
The 15th annual DBIR looked into 23,896 security incidents, with 5,212 of them being confirmed breaches. About four out of every five of these were the result of external cybercrime gangs and threat intelligence groups. According to Alex Pinto, manager of the Verizon Security Research team, these unscrupulous types are finding it simpler and easier to make a living off of ransomware, rendering other sorts of breaches obsolete. Everything in cybercrime has become so commoditized, so much like a business now, and it’s just too darn efficient of a methodology for monetizing their activity. With the rise of ransomware as a service (RaaS) and initial-access brokers, getting into the extortion game requires very little skill or effort.
Previously, you had to get in some way, look around, and discover stuff worth taking that had a reseller on the other end. When the DBIR started in 2008, the majority of the data taken was payment card data. Now, that number has plummeted, since attackers can simply pay for access that has already been created and rent ransomware, making it much easier to achieve the same purpose of obtaining money.
A corollary of this scenario is that any and every company is a target: businesses no longer need to have anything worth stealing, in the sense of extremely sensitive data, to be targeted by cybercrime. Small and midmarket businesses, as well as extremely small, mom-and-pop businesses, should be wary. You don’t have to go after the big ones anymore. In fact, going for the big dogs may be counterproductive because they usually have their ducks in a row when it comes to protection. If a company has a few computers and is concerned about its data, you may be able to make some money from them.
In a different context, the DBIR discovered that about 40% of data breaches are caused by malware installation (what Verizon refers to as system invasions) and that the surge in Ransomware as a Service has resulted in 55% of those specific breach events involving ransomware. We’re not persuaded it’ll end unless someone comes up with something even more efficient.
The SolarWinds Effect
Over the course of the year, the impact of the infamous SolarWinds supply-chain attack spread far and wide, with the “software updates” vector bringing the “partner breach” category up to 62 percent of system-intrusion occurrences (including ransomware incidents), up from a paltry 1% in 2020. Despite the publicity and interest in instances like SolarWinds (and others, such as the Kaseya-related ransomware assaults), most firms don’t need to redesign their operations to deal with supply-chain breaches.
If you were one of the affected customers, protecting against the aftermath of a supply-chain hack is similar to protecting against various other types of malware, because your servers are beaconing out to places they shouldn’t be. If you’re a CISO, your tactics should be quite comparable to those you now employ since, quite frankly, going after every single software vendor you have in order to safeguard them will drive you mad. It’s a massive lift.
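As an added illustration (not from the DBIR or Verizon), the sketch below shows one way to spot servers "beaconing out to places they shouldn't be": it compares egress flows against a per-server allowlist and marks unexpected destinations that are contacted at regular intervals. The host names, allowlist, thresholds and flow records are all constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Hypothetical per-server egress allowlist (assumption, not from the article).
ALLOWED_EGRESS = {
    "build01": {"updates.vendor.example", "ntp.corp.example"},
    "db01": {"ntp.corp.example"},
}

def make_sample_flows():
    """Constructed flow records: (epoch seconds, source server, destination)."""
    flows = []
    # build01 contacts an unexpected host roughly every 300 s with small jitter.
    for i, jitter in enumerate([0, 4, -3, 2, -5, 1, 3, -2]):
        flows.append((1000 + i * 300 + jitter, "build01", "cdn-sync.unknown.example"))
    # Expected, irregular update checks from build01.
    for ts in (1100, 1900, 5200):
        flows.append((ts, "build01", "updates.vendor.example"))
    # db01: a single unexpected connection plus expected NTP traffic.
    flows.append((2000, "db01", "paste.unknown.example"))
    flows.append((2050, "db01", "ntp.corp.example"))
    return flows

def find_beacons(flows, allowed, min_events=6, max_cv=0.1):
    """Report (server, destination) pairs outside the allowlist.

    A pair is 'beacon' when it has at least min_events connections and the
    gaps between them are regular (coefficient of variation <= max_cv);
    otherwise it is 'unexpected' and still worth a look.
    """
    seen = defaultdict(list)
    for ts, src, dst in flows:
        if dst not in allowed.get(src, set()):
            seen[(src, dst)].append(ts)
    findings = []
    for (src, dst), stamps in sorted(seen.items()):
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        kind = "unexpected"
        if len(stamps) >= min_events and mean(gaps) > 0:
            if pstdev(gaps) / mean(gaps) <= max_cv:
                kind = "beacon"
        findings.append({"server": src, "dest": dst, "count": len(stamps),
                         "kind": kind,
                         "interval": round(mean(gaps)) if gaps else None})
    return findings

if __name__ == "__main__":
    for finding in find_beacons(make_sample_flows(), ALLOWED_EGRESS):
        print(finding)
```

The same check applies whether the implant arrived through a vendor update or a phishing email, which is why it does not depend on knowing the initial vector.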
Where Should You Begin Your Ransomware Defense?
When it comes to breach entry points, the attacks may be broken down into four distinct (and well-known) paths: the use of stolen credentials, social engineering and phishing, vulnerability exploits, and malware. When it comes to ransomware-related breaches, desktop sharing software like Remote Desktop Protocol was used in 40% of the occurrences investigated, and email was used in 35% of the cases (phishing, mostly).
Locking down your external-facing infrastructure, particularly RDP and email, may go a long way toward securing your firm against ransomware. It’s worth emphasizing that human error or interaction was responsible for 82 percent of all breaches. Then there are the technological solutions, which include demanding multifactor authentication (MFA) and network segmentation based on access privileges, as well as establishing real-time threat detection, maintaining continuous access logs, and performing frequent backups.
However, security administrators must have sound reaction and recovery strategies in place for these incidents, as well as regular training and drills. User training can also help to improve the overall security posture of a firm. Because phishing lures are used in a substantial percentage of ransomware assaults, training staff on how to recognize them can save millions of dollars in post-breach recovery costs.