In 2021, there was a significant increase in the success of worldwide law enforcement activity, taking down various cybercrime groups and recovering money. As a result, some bad actors got spooked and dropped out. However, ransom activity continues to increase because it’s lucrative and attacks on mid-tier entities draw less attention from government agencies.
Small cybercrime groups still come and go, but the bigger groups are better organized and even more vicious, employing triple-threat techniques: ransom, data leaks, and DDoS. In some cases, attackers even contact victims’ clients and partners.
Throughout 2021, the ConnectWise Cyber Research Unit (CRU) collected data regarding 500 cybersecurity incidents from its MSP partners and their clients. Of those 500 incidents:
- 40% were related to ransomware
- 25% were directly related to Exchange vulnerabilities
- 10% were coin miners, with some overlap
According to the CRU, phishing and valid accounts are the most-used techniques for initial access. While zero-days and exploiting public-facing applications are still major concerns, businesses can significantly reduce their attack surface by implementing common mitigation techniques such as email filters, user training, password hygiene, and MFA.
The CRU maintains that attackers often carry out the execution stage using tools and applications built into the operating system, with PowerShell and Windows Command Shell scripting being the most common vectors.
A SIEM can be a powerful tool for detecting these cyberattacks, especially if you enable PowerShell script block logging. Execution control, script blocking, and code signing are also suitable mitigations for dealing with these threats.
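One way to turn on the script block logging mentioned above and confirm that events reach the log a SIEM agent would collect. This is an added example, not code from ConnectWise or this article; it assumes Windows PowerShell 5.1, an elevated session, and a constructed marker string `sbl-test-marker`.

```powershell
#Requires -RunAsAdministrator
# Added example: enable script block logging via the policy registry key,
# then confirm event ID 4104 records appear in the Operational log.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'

function Enable-ScriptBlockLogging {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord
}

function Test-ScriptBlockLogging {
    $v = Get-ItemProperty -Path $key -Name 'EnableScriptBlockLogging' -ErrorAction SilentlyContinue
    return ($null -ne $v -and $v.EnableScriptBlockLogging -eq 1)
}

function Get-RecentScriptBlockEvents {
    param([int]$Minutes = 10, [int]$MaxEvents = 50)
    $filter = @{
        LogName   = 'Microsoft-Windows-PowerShell/Operational'
        Id        = 4104
        StartTime = (Get-Date).AddMinutes(-$Minutes)
    }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # 4104 fields: MessageNumber, MessageTotal, ScriptBlockText, ScriptBlockId, Path
            [pscustomobject]@{
                Time          = $_.TimeCreated
                Level         = $_.LevelDisplayName   # Warning = flagged as suspicious by PowerShell
                ScriptBlockId = $_.Properties[3].Value
                Part          = '{0}/{1}' -f $_.Properties[0].Value, $_.Properties[1].Value
                Text          = $_.Properties[2].Value
            }
        }
}

Enable-ScriptBlockLogging
if (-not (Test-ScriptBlockLogging)) { throw 'Script block logging policy value was not set.' }

# Run a harmless command in a new process so the policy is read fresh.
$marker = 'sbl-test-marker'   # constructed value used only to find our own event
powershell.exe -NoProfile -Command "Write-Output '$marker'" | Out-Null

$hits = Get-RecentScriptBlockEvents | Where-Object { $_.Text -like "*$marker*" }
if ($hits) {
    $hits | Select-Object Time, Level, ScriptBlockId, Part | Format-Table -AutoSize
} else {
    Write-Warning 'No 4104 event found for the marker; check the log size and policy.'
}
```

For the SIEM to see these records, its collector has to be subscribed to the `Microsoft-Windows-PowerShell/Operational` channel; long scripts are split across several 4104 events that share one `ScriptBlockId`.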
Ransomware attacks in Q3 2021 surpassed those of Q1 and Q2 combined. We expect that trend to continue in 2022. Make sure your organization is prepared with adequate cybersecurity measures to prevent cyberattacks.
Not sure where to start? Contact Yeo & Yeo Technology today.
Information used in this article was provided by our partners at ConnectWise.