Looking To Prevent Ransomware? Lock Down These Initial Access Methods First

Looking To Prevent Ransomware? Lock Down These Initial Access Methods First

Nearly three-quarters of all cyberattacks involve ransomware which means a majority of defenders are failing to detect ransomware successfully. The fact is, ransomware isn’t the first stage of the attack, it’s often the last stage; and cyberattacks usually get labeled or categorized as ransomware when data is encrypted or stolen and a ransom is demanded by cybercriminals.

The key to ransomware prevention isn’t discovering methods and tools that help defend against ransomware, which should be part of your ransomware recovery strategy. True ransomware prevention lies in identifying and cracking down on methods of initial access that ransomware operators abuse to get ransomware into the victim’s environment.

Key Initial Access Methods That Lead To A Ransomware Infection

Listed below are some of the most common vectors of initial access used by ransomware attackers:

Social Engineering

Most ransomware attacks start with a phishing email, a malware-laden attachment, link to a malicious website, etc. Victims are social-engineered or tricked into running a malicious program that infects their device, Ransomware groups are evolving their social engineering tactics faster than they are innovating technology to thwart victim networks

Unpatched Software

Threat actors are actively searching the internet for weaknesses in software code and zero-day exploits to break into their targets. More than 76% of vulnerabilities discovered between 2010 and 2019 are still being exploited by ransomware. In 2022, there were about 344 vulnerabilities that could be directly associated with ransomware and this number is growing approximately 19% year over year.

Password Guessing Or Cracking

Why break down windows when you can walk through the door? Threat actors are always looking for ways to steal or hijack user credentials so they can circumvent formal security controls and procedures. They do so by phishing people (creating fake login pages and getting them to enter credentials), by brute forcing passwords or by acquiring credentials from the dark web, of which there are only 24 billion.

Remote Access Services

Remote services such as VPN and remote desktop protocol (RDP) help attackers gain access to victim environments, elevate system access and install malware remotely. It’s worth noting that credentials are a prerequisite to hijacking remote access services and therefore, attackers will again phish users or brute-force RDP logins to breach access. There’s also been a surge in the selling of stolen VPN and RDP credentials on underground forums from a handful of initial access brokers.

Unintentional And Intentional Insider Threats

A quarter of all breaches in 2022 can be attributed to social engineering. When you add human error, misconfigurations and misuse of privileged access, the human element accounts for nearly 82% of all breaches. Attackers are known to leverage poor user practices as a means of delivering ransomware payloads to their targets. In some cases, attackers will even go the extra mile of bribing people. For example, the LAPSUSS ransomware gang famously offered $20,000 bribes to employees working inside of leading tech companies.

How Can Organizations Lock Down These Initial Access Vectors?

Let’s say you want to stop somebody from breaking into your house. One of the first things you must do is figuring how they will get in. A similar analogy applies to ransomware. If you want to prevent hackers from breaking in, you need to understand the most common ways an attacker can get in and then lock down those means of initial access. The above five methods pretty much sums up the initial stages of a ransomware attack and therefore it is important that all organizations focus on locking down these attack vectors by:

Strengthening Security Behavior In Employees: As mentioned earlier, the human factor is responsible for a vast majority of breaches. If employees are reminded of security best practices regularly (strong passwords, verify domain names, think before you click, pause before you download, etc.) and are trained at regular intervals using phishing simulations, testing, and coaching, then this can help develop a sixth sense to remain wary of suspicious emails, texts, etc.

Patching Systems Regularly: Clearly a no-brainer but data shows most organizations are not patching as regularly as they should be. Security teams should deploy a mechanism or process that keeps vulnerabilities in check, ensures that all software is up-to-date and all bug fixes are proactively applied.

Keeping Security Controls In Check: Endpoint detection and response (EDR), phishing-resistant multi-factor authentication, firewalls, anti-spam, password managers, offline backups, are important tools. It's also recommended that security teams disable RDP or limit its use to fewer individuals to prevent its exploitation or misuse. Security teams must also analyze logs, scan for vulnerabilities, and monitor endpoints regularly for any traces of initial access or suspicious activity.

Ransomware is a symptom, not a root cause. Treat your root causes first and watch your symptoms go away. Lock-down the most common methods of initial access by practicing a defense-in-depth approach and this will go a long way in making your organization resilient to ransomware extortion and breaches.

Featured

  • Integration Imagination: The Future of Connected Operations

    Security teams that collaborate cross-functionally and apply imagination and creativity to envision and design their ideal integrated ecosystem will have the biggest upside to corporate security and operational benefits. Read Now

  • Smarter Access Starts with Flexibility

    Today’s workplaces are undergoing a rapid evolution, driven by hybrid work models, emerging smart technologies, and flexible work schedules. To keep pace with growing workplace demands, buildings are becoming more dynamic – capable of adapting to how people move, work, and interact in real-time. Read Now

  • Trends Keeping an Eye on Business Decisions

    Today, AI continues to transform the way data is used to make important business decisions. AI and the cloud together are redefining how video surveillance systems are being used to simulate human intelligence by combining data analysis, prediction, and process automation with minimal human intervention. Many organizations are upgrading their surveillance systems to reap the benefits of technologies like AI and cloud applications. Read Now

  • The Future is Happening Outside the Cloud

    For years, the cloud has captivated the physical security industry. And for good reason. Remote access, elastic scalability and simplified maintenance reshaped how we think about deploying and managing systems. But as the number of cameras grows and resolutions push from HD to 4K and beyond, the cloud’s limits are becoming unavoidable. Bandwidth bottlenecks. Latency lags. Rising storage costs. These are not abstract concerns. Read Now

  • Right-Wing Activist Charlie Kirk Dies After Utah Valley University Shooting

    Charlie Kirk, a popular conservative activist and founder of Turning Point USA, died Wednesday after being shot during an on-campus event at Utah Valley University in Orem, Utah Read Now

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.