A joint security advisory from CISA, FBI, NSA warns of increase in sophisticated, high-impact ransomware attacks that target critical organization's infrastructure across the world.

The advisory highlighted a broad range of industries targeted, which include agriculture, defense, emergency services, government facilities, IT, healthcare, financial services, legal institutions, public services, education, and energy. The common infection techniques employed are spear-phishing, brute-forced Remote Desktop Protocol (RDP) credentials stealing, and exploitation of software bugs, with the infection vectors used to deploy ransomware on compromised networks.

According to the Cybersecurity authorities, the market for ransomware became increasingly “professional” in 2021, with cybercriminal using services-for-hire business model now well established.

Tactics, Techniques, and Procedures (TTPs) used by criminals for Ransomware attacks?



The major tactics among cyber criminals in gaining access to networks are via phishing, stolen RDP credentials or brute force, and exploiting known vulnerabilities in software.



While phishing emails, RDP and exploitation of vulnerabilities remained the top infection vectors for ransomware incidents in 2021. And if a threat actor gains code execution on a device or network, ransomware can be easily deployed. These infection vectors remain popular because of their increased use starting in the previous year and continuing into 2021.

The expanded remote attack surface leave network defenders struggling to keep pace with routine security patching, and as ransomware groups share victim information with each other, diversifying the security threat on targeted organizations.

How to Mitigate against Ransomware attacks?



It is recommended that network defenders should apply the following mitigations to reduce the likelihood or impact of ransomware attacks:

Keep all software up to date: including timely security patching which is the most efficient and cost-effective step to minimize exposure to security threats.

Also, if your organization uses RDP or other potentially high risk service, there is need to secure and monitor them closely, with regular checking for notifications, and prioritize applying patches for known vulnerabilities. And automate security scanning and testing, when possible if upgrading hardware or software, to take advantage of vendor-provided security capabilities.

Cybersecurity Authorities warns of Sophisticated, High-impact Ransomware attacks

A joint security advisory from CISA, FBI, NSA warns of increase in sophisticated, high-impact ransomware attacks that target critical organization's infrastructure across the world.

The advisory highlighted a broad range of industries targeted, which include agriculture, defense, emergency services, government facilities, IT, healthcare, financial services, legal institutions, public services, education, and energy. The common infection techniques employed are spear-phishing, brute-forced Remote Desktop Protocol (RDP) credentials stealing, and exploitation of software bugs, with the infection vectors used to deploy ransomware on compromised networks.

According to the Cybersecurity authorities, the market for ransomware became increasingly “professional” in 2021, with cybercriminal using services-for-hire business model now well established.

Tactics, Techniques, and Procedures (TTPs) used by criminals for Ransomware attacks?



The major tactics among cyber criminals in gaining access to networks are via phishing, stolen RDP credentials or brute force, and exploiting known vulnerabilities in software.



While phishing emails, RDP and exploitation of vulnerabilities remained the top infection vectors for ransomware incidents in 2021. And if a threat actor gains code execution on a device or network, ransomware can be easily deployed. These infection vectors remain popular because of their increased use starting in the previous year and continuing into 2021.

The expanded remote attack surface leave network defenders struggling to keep pace with routine security patching, and as ransomware groups share victim information with each other, diversifying the security threat on targeted organizations.

How to Mitigate against Ransomware attacks?



It is recommended that network defenders should apply the following mitigations to reduce the likelihood or impact of ransomware attacks:

Keep all software up to date: including timely security patching which is the most efficient and cost-effective step to minimize exposure to security threats.

Also, if your organization uses RDP or other potentially high risk service, there is need to secure and monitor them closely, with regular checking for notifications, and prioritize applying patches for known vulnerabilities. And automate security scanning and testing, when possible if upgrading hardware or software, to take advantage of vendor-provided security capabilities.

No comments