Ransomware attacks have increased manifold over the years and so have the ransom demands. This year-over-year evolution of ransomware threats is primarily attributed to emerging tactics, techniques, and procedures adopted by attackers.
Most common intrusion point
According to a report from Group-IB, Remote Desktop Protocol (RDP) was the most common point of intrusion for ransomware in 2019. Vulnerable Windows RDP ports were abused in 70-80% of all ransomware attacks that year to gain an initial foothold.
Big-league players like Ryuk, LockerGoga, REvil, MegaCortex, Maze, and NetWalker used open RDP ports to sneak into companies' networks and servers.
Other attack methods
- The report also highlighted that exploit kits, external remote services, spear-phishing attachments, and valid accounts are other attack techniques used by ransomware operators to gain access to victims’ computers.
- More advanced ransomware actors rely on supply-chain compromise, exploiting unpatched vulnerabilities in public-facing applications, and compromising managed service providers (MSPs) to obtain access to valuable targets.
Further tactics adopted by attackers
Once attackers gain an initial foothold on targeted computers, they deploy their tools and move through the next stages: establishing persistence, escalating privileges, evading detection, acquiring credentials, mapping the network, stealing files, and then encrypting them.
Evasion techniques evolve…