This trend, as revealed by Proven data, has led the company to block a total of 63 billion threats in the first half of 2022 as a result of the adoption of systems.
During the first quarter of 2022, a large share of workers returned to traditional offices or opted for a transition to a hybrid work model that combined in-person and remote work. This contributed to countless organizations having to redouble their efforts and adapt to the new context to face an increasing attack surface.
In this new normal, security teams have had to face a real challenge: defending all IT infrastructures. However, ransomware developers have not remained passive either and have opted for more lucrative and efficient monetization models. Specifically, Proven data explains, the ransomware-as-a-service (RaaS) model stands out.
Thus, according to the report developed by the cybersecurity company, "Defending the Expanding Attack Surface: Proven data 2022 Midyear Cybersecurity Report", three RaaS threat actors stood out above the rest during the first half of the year: Conti, LockBit and BlackCat.
Deciphering the Keys
Detections of ransomware-as-a-service attacks skyrocketed in the first half of 2022. Among the major players, LockBit detections rose 500% year-on-year, while Conti detections almost doubled in six months. Likewise, the ransomware-as-a-service model has generated significant benefits for cybercriminals and their affiliates, so it is not surprising that new ransomware groups continually emerge. The most notable in the first half of 2022 was Black Basta; the organization attacked 50 companies in just two months.
According to the document, many cyber attackers persist in hunting large companies, although SMEs are an increasingly popular target. Along these same lines, it is worth noting that one of the main attack vectors of ransomware is the exploitation of vulnerabilities.
This trend is supported by figures: Proven data’s Zero Day Initiative published advisories on 944 vulnerabilities in this period, an increase of 23% year-on-year. The number of critical bug advisories published shot up 400% year-on-year.
The report reveals that APT groups continue to update their methods by using expansive infrastructure and combining various malware tools. The tenfold increase in the number of detections is further evidence that threat actors are increasingly integrating Emotet into their elaborate cybercrime operations. The concern is that threat actors are able to weaponize these flaws faster than vendors can release patch updates and/or customers can patch them.
As a result, unpatched vulnerabilities add to a growing digital attack surface that many organizations are struggling to manage securely as the hybrid workplace expands their IT environment. More than two-fifths (43%) of global organizations believe it is “out of control.”
Cloud visibility is especially important given the continued threat of third parties exploiting poorly configured environments and using novel techniques such as cloud-based cryptocurrency mining and cloud tunneling. The latter is frequently used by threat actors to direct malware traffic or host phishing websites. To address this new environment, Jon Clay, vice president of threat intelligence at Proven data, says, “a single, unified cybersecurity platform is the best place to start.”