Stolen credentials are no longer the number one initial access vector for ransomware (opens in new tab) operators looking to infect a target network and its endpoints (opens in new tab) – instead, they’ve become more interested in exploiting vulnerabilities found in internet-facing systems.
A report from Secureworks claims ransomware-as-a-service developers are quick to add newly discovered vulnerabilities into their arsenals, allowing even less competent hackers to exploit them swiftly, and with relative ease.
In fact, the company’s annual State of the Threat Report reveals that flaw exploitation in remote services accounted for 52% of all ransomware incidents the company analyzed over the last 12 months.
Biggest threat to businesses
Besides remote services, Secureworks also spotted a 150% increase in the use of infostealers, which became a “key precursor” to ransomware. Both these factors, the report stresses, kept ransomware as the number one threat for businesses of all sizes, “who must fight to stay abreast of the demands of new vulnerability prioritization and patching”.
All things considered, ransomware is still the biggest threat for businesses. It takes up almost a quarter of all attacks that were reported in the last 12 months, Secureworks says, and despite law enforcement being actively involved, operators remained highly active.
This year, on average, it took a company four and a half days to spot a ransomware attack, down from five days last year. Mean dwell time was cut in half, though, from 22 days in 2021, to 11 days this year. Victims have roughly a week to respond and mitigate any potential damage, Secureworks added.
The number of compromised companies, whose names ended up on the hackers’ leak sites remains high, growing from 1,170 in the first six months of 2021, to 1,307 for the same period this year.
The company listed GOLD MYSTIC as one of its biggest offenders. This is a group that uses LockBit and was adding an average of 70 victim names a month to its leak site, since July 2021.