A recent Threat Pulse research report from NCC Group found that the highest number of Distributed Denial of Service (DDoS) incidents between January and September 2022 took place in the month of September. This represented a 14% increase and a total of 2,090 DDoS attacks. Ransomware attacks, meanwhile, were down 7% from the previous month with Lockbit 3.0 (30%), Black Basta (13.3%), and BlackCat (12.8%) remaining the most prevalent threat actors. Lockbit has been the most active group for every month of the year.
Sector-wise, all areas experienced a high volume of attacks. But Industrials (34%) were the most attacked vertical, followed by Consumer Cyclicals (18%), Healthcare (10%), and Technology (8.5%). The geographical distribution of attacks showed no surprises: North America suffered 84 attacks (45%), making it the most targeted region. Europe was next with 27%, then Asia with 14%.
Interestingly, ransomware attacks overall were found to be 50% lower than a year before. It seems likely, therefore that 2021 will remain the highest year on record – unless there is an unprecedented upsurge in ransomware to end the year.
Shift of Tactics
Make no mistake. Ransomware remains a potent threat. But stepped-up law enforcement efforts, better international legal collaboration, and organizations deploying a raft of ransomware protection solutions probably combined to lessen its impact.
The bad guys may be criminals, but they are not fools. They know what is going on. Thus, they have adjusted their tactics by increasing the volume of DDoS and launching more targeted ransomware campaigns. More than likely, 2021 was a freak year. Due to the success of ransomware in 2020, just about everyone among the cybercriminal gangs decided to get in on the act. Entire cybercrime supply chains formed up to facilitate ransomware. Lots of little outfits would probe enterprises for weaknesses. They would get a finder’s fee for passing on the details of a ripe target. More organized groups would then execute the ransomware attack and seek to collect the funds. Ransomware as a Service, too, emerged. Criminal developers created kits that could be sold to people with little or no computing experience. These developers got a cut of every successful extortion scheme.
But the unprecedented funds raised through ransomware let to a glut in the market in 2021. Hence, the downturn in 2022. That doesn’t mean ransomware will go away. It is expected to remain an important part of the cybercrime toolkit for some time to come. But stronger defences against it mean that the bad guys will turn to tried and tested means of breaking into enterprise IT systems.
They will scan networks looking for server, website, operating system (OS) and application vulnerabilities. They will scour the web for unpatched systems. When they find them, they will exploit them relentlessly. Bad actors know that items on the Common Exposure and Vulnerabilities (CVE) list remain weak spots in many organizations. Despite these threats being publicized broadly and patches and remediation steps being clearly laid out, a great many organizations fail to act. There are many cases on record of vulnerabilities remaining unremedied years after the issuance of a patch. We have known about Log4j, for example, for a year now yet it is still being exploited. Similarly, the Heartbleed exploit from 2014 remains something that the bad guys can exploit in some businesses.
Syxsense Protection
Syxsense Enterprise offers comprehensive vulnerability management, remediation, and patch management. It intelligently distributes patches with the click of a button without tying up bandwidth across the enterprise. It does this automatically, using technology that is designed to send software and patches across the wire once, using peer-to-peer within the network for local distribution.
Further features include:
- Patch supersedence addresses the fact that vendors sometimes include older updates in current patches. Therefore, if a company is deploying patches sequentially, it can place the new patch at the end of the queue and not deploy it immediately while it takes care of the oldest patches. However, the new patch a) may be higher priority, and b) includes the old patch in any case. The patch supersedence features of Syxsense would deploy the new patch and not the old one.
- Patch Roll Back: The last thing you want is for an update to cause incompatibilities in other systems. That’s why software vendors and IT departments conduct testing to ensure patches are benign. But despite the precautions, faulty patches can occasionally happen. Syxsense includes a patch roll back feature that allows you to return your systems to the state that existed before the implementation of the new patch.
- Testing and release within three hours: Hackers and cybercriminals move fast. There is no time to lose in installing patches. Within a couple of hours of a patch being released, Syxsense has tested it, validated it, and has it ready for distribution.
- Automation: With hundreds or even thousands of endpoints to manage, manual patch distribution is too slow. Syxsense is fully automated to ensure critical patches are implemented right away. There is no need to formulate scripts, hop from one screen to another, or manually push out patches to various destinations.
For more information, visit www.syxsense.com
