As ransom payments reach an all-time high, it’s time to look at attacks from a data perspective and find the greatest opportunities to stop these attacks.
Every quarter, I’ve been covering the Quarterly Ransomware Reports from ransomware response company Coveware. In their latest report covering Q3 of this year, we get a greater sense of what trends their security researchers are seeing from the data:
- The average ransom payment jumped by 15% to just over $850K
- The median size of targeted companies remains in the mid-market at around 350 employees
- We’re constantly seeing new players in the market – Q3’s number one player, Akira, was first spotted in Q2 and is now the top variant seen in attacks
- “Unknown” has taken the top spot as the most prevalent initial attack vector
This last one is interesting. If you’ve read my coverage of these reports before, you know how much I harp on “email phishing” being at or near the top of initial attack vectors. But Coveware offers some interesting commentary on why “Unknown” is at the top:
“A continued reliance of ransomware actors on access brokers who may establish a foothold weeks or months ahead of the actual incident, whose access points cannot be confidently proven due to the expiration of critical forensic artifacts from the time of initial access.”
They also mention that “Stolen/leaked VPN credentials continue to be a valuable resource for big game hunters who leverage these persistent, legitimate access points without triggering the same alarms that leveraging a malicious foothold might set off.”
Lastly, “Phishing remains prevalent despite the disruption of the Qbot botnet. Recent examinations of our data suggest phishing is more likely to be the predecessor to a data-theft-only extortion attack than it is for encryption-focused attacks.”
It’s the complex nature of multiple threat groups working together via the cybercrime ecosystem – each playing a smaller role in what becomes a larger single attack – that creates the “inconclusive” nature of the initial attack vector. But if you read between the lines of the commentary above from Coveware, it becomes evident that both phishing and social engineering – something security awareness training helps defend against – are very much playing a role in these attacks.