Ransomware Special Reports

How hackers find their way in By Ann-Marie Corvin

2022 is shaping up to be a vintage year for ransomware attackers. De - ployment of this malware has sky - rocketed in recent years, with more attacks reported in the first quarter of 2022 than in the whole of 2021, ac- cording to research by cyber security supplier WatchGuard. Unlike lightning, ransomware attacks are more than capable of striking the same place twice – with a recent Veeam ransomware trends report revealing that 75% of organisations have suffered two or more ransom - ware attacks in the past. But how do the hackers get in? The most likely entry point for an at - tack, according to most of the experts

we spoke with, involves phishing emails designed to trick employees into clicking malicious links or down - loading infected attachments. The reason this method is so preva - lent, according to SureCloud’s Raynor, is because “for all of the benefit of the additional controls, updates, network monitoring and software we apply to the network, humans remain predict - able, easy-to-fool bags of flesh.” While humans continue to be the weak link in most firms’ securi- ty plans, malicious actors are also getting more sophisticated in their phishing attempts and some scams are very hard to distinguish from legitimate emails.

Cian Heasley, security consultant at Adarma, explains that the larger ransomware groups are also shifting away from “scatter gun methods” of phishing, opting for more strategic ways to target victims. “As such, we’re seeing a trend towards spear phishing – which targets high value victims who are more likely to have the type of access ransomware operators seek, perhaps because of their job title,” Heasley notes. While firms can educate their staff to become more aware of these digital social engineering techniques, some other, more aggressive forms of ran - somware, can exploit security holes to infect computers without needing to trick users.


Powered by