SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
71 billion ransomware attacks on remote access - ESET
Thu, 12th Aug 2021

There have been 71 billion ransomware attacks on remote access between January 2020 and June 2021, according to new research from ESET.

The cybersecurity firm published its latest research white paper, titled RANSOMWARE: A look at the criminal art of malicious code, pressure, and manipulation, which examines how dangerous ransomware has become due to the criminals' psychological and technical innovation, and offers advice on how organisations can best protect themselves.

The report also reveals the most widespread techniques used by malicious actors, focusing on three specific attack vectors: Remote Desktop Protocol (RDP), email attachments, and supply chain.

Ransomware gangs have misused the COVID-19 pandemic to expand their extortion and distribution toolkit, focusing on intrusions via publicly available misconfigured systems running Remote Desktop Protocol. ESET telemetry identifies RDP as one of the most popular attack vectors today, with detections surpassing 71 billion between January 2020 and June 2021.

Unlike malicious files attached to an email, attacks via RDP use the ruse of legitimacy and thus fly under the radar of many detection methods, meaning fewer metrics and less threat awareness for businesses.

ESET telemetry also revealed that the Server Message Block (SMB) protocol, mainly used for file and printer sharing in enterprise networks, can be misused as an attack vector through which ransomware can penetrate an organisation's network. Between January and April 2021, ESET technologies blocked more than 335 million brute-force attacks against public-facing SMB services.

As ransomware attacks are becoming increasingly targeted, it is essential that businesses are aware of the latest methods used by cybercriminal gangs and are prepared to respond. In addition to a proper setup of RDP and other cyber hygiene factors, the paper advises employing an advanced endpoint detection and response tool such as ESET Enterprise Inspector.

The white paper also highlights recent high-profile attacks such as those on Kaseya and the Colonial Pipeline, and reflects on the costs inflicted by ransomware operators on businesses across the world. In light of those and a plethora of other ransomware cases, the authors of the paper discuss the payment dilemma. They argue that while paying ransoms might restore some of the files, it offers no guarantee that cybercriminals will, or can, restore full access to data, and that sending the demanded sum of cryptocurrency helps fund future crimes, which is also why a debate is underway about making such payments illegal.

"Ransomware is currently one of the most potent cyberthreats to modern organisations, targeting all industries and affecting both the public and private sector," says Ondrej Kubovič, security awareness specialist and author of the white paper.

"It is essential that organisations are equipped with knowledge and insight into the latest developments on the ransomware scene and that they build their defenses on cyber hygiene, proper setup and reliable security measures," he says.

"Our white paper reflects ESET's goal to stay one step ahead of malicious actors, offers actionable advice for administrators as well as their superiors and provides insight into security products that help mitigate the threat."