IBM Security Finds Ransomware Attacks Take Less Than Four Days
IBM Security today published a report that found ransomware attacks, on average, can now be launched and completed in less than four days, down from two months previously.
On the plus side, however, the IBM X-Force Threat Intelligence Index report finds the number of ransomware incidents has declined 4% on an annual basis.
John Dwyer, head of research for the IBM Security X-Force, said despite that slight decline, cybersecurity teams remain vigilant because attackers today appear to be focused on creating backdoors into IT environments to later exploit. In fact, the IBM report found more than two-thirds (67%) of incidents involving backdoors are tied to ransomware attacks. Cybercriminals are selling access to those backdoors for as much as $10,000, according to IBM Security research.
Overall, the IBM report found the most common impact from cyberattacks in 2022 was extortion, which was primarily achieved through ransomware or business email compromise attacks. Manufacturing for the second consecutive year was the most extorted industry in 2022.
The number of cybercriminals targeting credit card information in phishing kits has also declined 52% in one year as cybercriminals appear to be prioritizing personally identifiable information such as names, emails and home addresses that can be sold at a higher price on the dark web or used to launch more profitable attacks.
Thread hijacking is another popular vector; in this attack, attackers use compromised email accounts to reply within ongoing conversations, posing as the original participant. Thread hijacking attacks increased 100% monthly compared to 2021 data.
IBM researchers also noted that, while the number of vulnerabilities hit another record high in 2022, the proportion of known exploits relative to vulnerabilities has declined 10 percentage points from 2018 to 2022. Cybercriminals already have access to more than 78,000 known exploits, but most of them seem to prefer to rely on older known exploits because they remain effective, noted Dwyer. Most cybercriminals are always going to prefer the path of least resistance.
It’s also apparent cybercriminals are collaborating more effectively as different organized gangs continue to specialize, noted Dwyer. In contrast, many organizations are still reluctant to share information concerning the types of exploits being used to attack them for fear of airing their dirty laundry, said Dwyer. Until organizations find a more effective way to collaborate, however, cybercriminals will likely continue to have an upper hand, he added.
The biggest issue, however, is that too many organizations ignore cybersecurity fundamentals, which makes it easy for cybercriminals to compromise their IT environments. There may be all kinds of vulnerabilities that cybercriminals could exploit by developing more advanced forms of malware, but the simple fact is that phishing campaigns that enable them to capture credentials are still highly effective. Much to their chagrin, most organizations that find themselves victimized by these attacks are discovering that the attack was enabled by a simple mistake.
There is no such thing as perfect security, nor will there be any time soon. However, if more organizations focused on the fundamentals there would be fewer cybersecurity heartaches.

