Stolen credentials are no longer the number one initial access vector for ransomware (opens in new tab) operators looking to infect a target network and its endpoints (opens in new tab) - instead, they are more interested in exploiting internet-facing vulnerabilities.
According to a statement from Secureworks, ransomware-as-a-service developers are quick to add newly discovered vulnerabilities to their arsenals, thus allowing even less skilled hackers to exploit them swiftly and with relative ease.
In fact, the company''s annual State of the Threat Report reveals that flaw exploitation in remote services accounted for 52% of all ransomware incidents in the last 12 months.
Biggest threat to businesses
Secureworks also saw a 150% increase in informationstealers, which became a major precursor to ransomware. Both factors, according to the report, kept ransomware as the number one concern for companies of all sizes, who must fight to keep up with fresh vulnerability prioritization and patching.
Although law enforcement is being actively involved, ransomware is still the biggest threat for businesses. It covers almost a quarter of all attacks reported in the last 12 months, according to Secureworks. Despite that, operators remained highly active.
This year, average, a company took four and a half days to spot a ransomware attack, down from five days last year. This means dwell time was reduced in half, though, from 22 days in 2021, to 11 days this year. Victims have roughly a week to respond and mitigate potential damage, according to Secureworks.
The number of compromised companies, which had their names listed on the hackers leak sites, has risen from 1,170 in the first six months of 2021, to 1,307 in the same period this year.
GOLD MYSTIC has been listed as one of the country''s most prominent offenders. This is a group that uses LockBit and was adding an average of 70 victims a month to its leak site since July 2021.