The exploitation in remote services has become the primary initial access vector (IAV) in ransomware attacks over the past year, accounting for 52% of ransomware incidents, cybersecurity company Secureworks reveals in its annual State of the Threat Report. In addition, Secureworks reports a 150% rise in the use of “infostealers” — a key precursor to ransomware.
Secureworks’ 2022 report provides an overview of how the global cybersecurity threat landscape has evolved over the last 12 months, with a focus on the Secureworks Counter Threat Unit’s firsthand observations of threat actor tooling and behaviors.
Barry Hensley, chief threat intelligence officer for Secureworks, added context to the study:
“We conduct thousands of incident response engagements every year. While ransomware remains the most prominent threat to businesses, we are tracking notable shifts in threat actor behaviors and their approach to campaigns. It’s too simple to claim that ransomware-as-a-service is slowing. Our research clearly shows a rise in infostealers use and an evolution of tools and adversaries. The threat is changing, but it is not going away. It’s critical for organizations to stay ahead of the adversary with solutions that effectively prioritize risk, based on the most up-to-date intelligence. When businesses understand the nature of the threat, they can better focus resources and move quickly to optimize response."
Ransomware continues to remain the primary threat facing organizations, accounting for more than a quarter of all attacks, Secureworks reports. And, despite a series of high-profile law enforcement interventions and public leaks, and a small slow down over the summer months, ransomware operators have maintained high levels of activity.
The median detection window in 2022 is four and a half days, compared to five days in 2021, according to Secureworks. The mean dwell time in 2021 was 22 days, but so far in 2022 it is down to 11 days. Thus, companies effectively have one working week to respond to and mitigate damage.
The number of victims listed on public “name and shame” sites continues to remain high with no year-over-year reduction, Secureworks reports. Despite some monthly fluctuations, the number of victims named in the first six months of 2022 is slightly higher at 1,307 than the 1,170 named in the first six months of 2021.