Carding 4 Carders
Professional
- Messages
- 2,724
- Reaction score
- 1,579
- Points
- 113
The researchers found that the time between penetration and activation of the ransomware was greatly reduced.
According to a recent study by Secureworks, the time it takes cybercriminals to deploy ransomware after gaining initial access to the victim's system has decreased to 24 hours. In almost 2/3 of the cases examined, the attackers launched the attack within a day, and in 10% - in less than five hours. In previous years, the deadline was much longer — an average of 4.5 days in 2022 and 5.5 days in 2021.
It is worth noting that the 24-hour indicator remained stable throughout 2023 and did not depend on specific variants of ransomware or a group of cybercriminals.
In some cases, the attack time was extended: if the criminals exported data from the system before activating the malicious code. This approach is called "double extortion", but it is not used so often. According to Microsoft's annual report, such incidents accounted for only 13% of all ransomware incidents last year.
Secureworks also noted that modern campaigns are becoming less sophisticated than before. "The field of cybersecurity has made significant progress in recognizing the activity that usually precedes ransomware attacks. This is, for example, the use of programs like Cobalt Strike, " experts say.
The acceleration of attacks may be due to the popularity of the ransomware-as-a-service (RaaS) model. More experienced hackers provide ready-made tools for novice criminals, which in turn makes the hacking process faster and more efficient, as well as increases the number of attacks.
There are other ways. Despite the arguments of experts that advanced automated attacks based on AI will soon appear, most of the incidents occurred due to the elementary negligence of the companies themselves. Mostly — through unresolved vulnerabilities.
Attackers have become more likely to use stolen credentials to access target systems — recently, analysts have recorded a high activity of infostealer programs. In the Russian market alone, their number increased to 7 million, compared to 2.9 million a year earlier.
Both of these methods were used in 32% of campaigns.
Sending malware via phishing emails also remains a popular tactic, providing 14% of penetrations.
Experts urge organizations to pay special attention to basic cyber hygiene and keep their finger on the pulse.
According to a recent study by Secureworks, the time it takes cybercriminals to deploy ransomware after gaining initial access to the victim's system has decreased to 24 hours. In almost 2/3 of the cases examined, the attackers launched the attack within a day, and in 10% - in less than five hours. In previous years, the deadline was much longer — an average of 4.5 days in 2022 and 5.5 days in 2021.
It is worth noting that the 24-hour indicator remained stable throughout 2023 and did not depend on specific variants of ransomware or a group of cybercriminals.
In some cases, the attack time was extended: if the criminals exported data from the system before activating the malicious code. This approach is called "double extortion", but it is not used so often. According to Microsoft's annual report, such incidents accounted for only 13% of all ransomware incidents last year.
Secureworks also noted that modern campaigns are becoming less sophisticated than before. "The field of cybersecurity has made significant progress in recognizing the activity that usually precedes ransomware attacks. This is, for example, the use of programs like Cobalt Strike, " experts say.
The acceleration of attacks may be due to the popularity of the ransomware-as-a-service (RaaS) model. More experienced hackers provide ready-made tools for novice criminals, which in turn makes the hacking process faster and more efficient, as well as increases the number of attacks.
There are other ways. Despite the arguments of experts that advanced automated attacks based on AI will soon appear, most of the incidents occurred due to the elementary negligence of the companies themselves. Mostly — through unresolved vulnerabilities.
Attackers have become more likely to use stolen credentials to access target systems — recently, analysts have recorded a high activity of infostealer programs. In the Russian market alone, their number increased to 7 million, compared to 2.9 million a year earlier.
Both of these methods were used in 32% of campaigns.
Sending malware via phishing emails also remains a popular tactic, providing 14% of penetrations.
Experts urge organizations to pay special attention to basic cyber hygiene and keep their finger on the pulse.
