What is the current state of ransomware threats?
Ransomware remains a significant threat for organizations of all sizes. A notable increase in attacks was observed in September and October 2023, nearly double the number of attacks seen in October 2022. The ransomware business model has evolved, with operators using tactics like double extortion and ransomware-as-a-service (RaaS) to enhance their operations. New players like Noberus and LockBit have emerged as dominant forces in the landscape.
What tactics do ransomware attackers commonly use?
Ransomware attacks typically involve a multi-staged process that includes tactics such as credential dumping, lateral movement, and the exploitation of known vulnerabilities in public-facing applications. Tools like PsExec and PowerShell are frequently used by attackers to execute commands and move across networks. Understanding these TTPs can help organizations prioritize their defensive measures.
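One way to turn the PsExec observation above into a detection, as an added example that is not part of the original page: it flags Windows service-install events (ID 7045) carrying PsExec's default service name and pairs each with the network logon (ID 4624, type 3) that preceded it on the same host. The record layout, field names, 60-second window and sample events are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real telemetry), flattened from Windows event logs.
# 4624 = successful logon (Security log); logon_type 3 = network logon.
# 7045 = service installed (System log); PsExec's default service is PSEXESVC.
SAMPLE_EVENTS = [
    {"time": "2023-10-03T09:14:02", "host": "FS01", "id": 4624,
     "logon_type": 3, "user": "CORP\\adm-jdoe", "src_ip": "10.0.4.17"},
    {"time": "2023-10-03T09:14:05", "host": "FS01", "id": 7045,
     "service": "PSEXESVC", "image": "%SystemRoot%\\PSEXESVC.exe"},
    {"time": "2023-10-03T09:20:00", "host": "WEB02", "id": 7045,
     "service": "Spooler", "image": "C:\\Windows\\System32\\spoolsv.exe"},
    {"time": "2023-10-03T11:00:00", "host": "DC01", "id": 4624,
     "logon_type": 3, "user": "CORP\\adm-ops", "src_ip": "10.0.9.3"},
    {"time": "2023-10-03T11:30:00", "host": "DC01", "id": 7045,
     "service": "PSEXESVC", "image": "%SystemRoot%\\PSEXESVC.exe"},
]


def is_psexec_service(event):
    """True for a 7045 record whose service name or binary matches PsExec's default."""
    if event.get("id") != 7045:
        return False
    name = event.get("service", "").lower()
    image = event.get("image", "").lower()
    return name == "psexesvc" or image.endswith("psexesvc.exe")


def find_psexec_installs(events, window=timedelta(seconds=60)):
    """Pair each PsExec service install with the latest network logon on that host."""
    events = sorted(events, key=lambda e: e["time"])  # ISO 8601 strings sort by time
    findings = []
    for i, ev in enumerate(events):
        if not is_psexec_service(ev):
            continue
        installed = datetime.fromisoformat(ev["time"])
        logon = None
        for prior in reversed(events[:i]):  # walk back to the nearest matching logon
            if installed - datetime.fromisoformat(prior["time"]) > window:
                break  # older records fall outside the correlation window
            if (prior["host"] == ev["host"] and prior.get("id") == 4624
                    and prior.get("logon_type") == 3):
                logon = prior
                break
        findings.append({"host": ev["host"], "time": ev["time"],
                         "user": logon["user"] if logon else None,
                         "src_ip": logon["src_ip"] if logon else None})
    return findings
```

Calling `find_psexec_installs(SAMPLE_EVENTS)` returns two findings: FS01 attributed to `CORP\adm-jdoe` from 10.0.4.17, and DC01 with no logon inside the window. Matching on default names misses a renamed service, and administrators also use PsExec legitimately, so treat a hit as one signal to review against known admin activity.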
How can organizations protect themselves from ransomware?
Organizations can enhance their defenses by reducing the number of accounts with administrator privileges and increasing protection on those accounts. Regularly updating software to patch known vulnerabilities, particularly in applications like Microsoft Exchange Server and Citrix, is also crucial. Additionally, leveraging threat intelligence to understand prevalent attack techniques can guide organizations in strengthening their security posture.