According to a new report, ransomware is expanding, diversifying, and becoming much harder for businesses to defend against.
Elastic’s latest Global Threat Report (GTR) analyzed over a billion data points from the past 12 months to better understand the ransomware-threat landscape and found that almost every attack on cloud infrastructure starts with credential theft.
This coincides with the recent news that ransomware activity in September 2023 reached unprecedented levels with over 514 attacks, and cybersecurity threats have jumped by 40% in four years.
Defense Has Become a “More Tedious” Task
Elastic’s GTR observed malware signatures, endpoint behavior, and adversary campaigns. It also looked at threat forecasts for the year ahead, commenting that ransomware is now a “much harder, tedious task” to defend against.
The report found that a blend of off-the-shelf tools and “highly prevalent” ransomware families made up the majority of the malware observed. Similarly, over half of observed malware infections targeted Linux systems, and around 91% of malware signature events were recorded on Linux endpoints. This contrasts with Windows, which accounted for around 6%, likely because threat actors linger on platforms with low visibility.
There Could be Trouble in the Cloud
Businesses migrating from on-premises IT infrastructure and software solutions to cloud-based ones are particularly at risk, according to the GTR.
The pace and volume of businesses making the move to the cloud can result in lax access controls, unsecured credentials, and various misconfigurations, which could leave a previously secure solution susceptible to attack. Threat actors have recognised these flaws and are using them to deploy malware.
Elastic’s Head of Security Intelligence and Director of Engineering Jake King explained: “Today’s threat landscape is truly borderless, as adversaries morph into criminal enterprises focused on monetizing their attack strategies. Open source, commodity malware, and the use of AI have lowered the barrier to entry for attackers, but we’re also seeing the rise of automated detection and response systems that enable all engineers to better defend their infrastructures. It’s a cat-and-mouse game, and our strongest weapons are vigilance and the continued investment in new defense technologies and strategies.”
The Next Step in Ransomware Evolution
Only one year ago, ransomware operators took an average of four and a half days between initial access and deployment of the encryptor. That time has now fallen to below a single day, with the encryptor deployed within 24 hours in more than 50% of engagements. In 10% of cases, deployment can take as little as five hours.
The reason behind this increase in speed is perhaps ironic: as cybersecurity teams have ramped up their response to threats, hackers have evolved to work faster too. There’s no doubt about it, we’re entering the “next step in the evolution of ransomware”. So what tangible steps can you take to better protect yourself and your business?
From installing encryption software and using a VPN to limiting access to critical data, there are a number of simple yet hugely effective cybersecurity measures you can take to defend against a ransomware attack and help keep the figures reported in the GTR from climbing any higher.