Chris Swagler | October 17th, 2022

According to a ransomware defense report, despite the increased investment in ransomware-fighting tools, 90% of companies were affected by ransomware in some capacity in the last 12 months.

The main factor driving the allocation of security budgets, according to respondents, is the risk of attack through third-party vendors, followed by the increase in the frequency and sophistication of ransomware attacks. Ransomware mitigation for companies increasingly focuses on account takeover as a precursor to this type of cyberattack. The share of companies that have implemented multi-factor authentication has risen from 56% the previous year to 96% today, and the share of employees monitored for compromised credentials increased from 44% to 73%. As companies strengthen their password hygiene and invest in tools, including MFA, cybercriminals have doubled down, expanding their traditional tactics to circumvent those defenses.

Cybercriminals use several strategies to bypass authentication processes entirely: deploying malware to personal devices to reach corporate applications, or pivoting to session hijacking with stolen cookies, which lets them reuse an already-authenticated session without ever facing the login prompt. Multi-factor authentication adds an important layer of security, but it isn’t perfect. There have been recent warnings against SMS-based MFA because motivated cybercriminals can intercept texts; push notifications and authenticator apps aren’t completely foolproof either.
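The cookie-replay problem above is something a server can at least detect. The following is an added illustration, not code from SpearTip or the report: a minimal session store that records the client context at login, flags a valid cookie that is later presented from a different context (what a stolen-cookie hijack looks like server-side), and offers a bulk revoke for post-infection remediation. All names and the sample values are constructed.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    ip: str
    user_agent: str
    issued_at: float
    max_age: float = 8 * 3600  # absolute lifetime in seconds


class SessionStore:
    """Constructed example: server-side store keyed by an opaque cookie value."""

    def __init__(self):
        self._sessions = {}

    def issue(self, user, ip, user_agent, now=None):
        token = secrets.token_urlsafe(32)  # unguessable cookie value
        issued = time.time() if now is None else now
        self._sessions[token] = Session(user, ip, user_agent, issued)
        return token

    def validate(self, token, ip, user_agent, now=None):
        """Return 'ok', 'unknown', 'expired' or 'context_mismatch'."""
        s = self._sessions.get(token)
        if s is None:
            return "unknown"
        current = time.time() if now is None else now
        if current - s.issued_at > s.max_age:
            self._sessions.pop(token)
            return "expired"
        if s.ip != ip or s.user_agent != user_agent:
            # A valid cookie arriving from a new client context is the
            # signature of a replayed (stolen) cookie. Revoke it and force
            # a fresh login, including MFA, rather than trusting it.
            self._sessions.pop(token)
            return "context_mismatch"
        return "ok"

    def revoke_user(self, user):
        # Post-infection remediation: every session the user holds in this
        # application is killed, not just the one on the reimaged device.
        doomed = [t for t, s in self._sessions.items() if s.user == user]
        for t in doomed:
            self._sessions.pop(t)
        return len(doomed)
```

Binding to the source IP is deliberately strict here; in production, mobile and carrier-grade NAT users change IPs legitimately, so many teams bind only to the user agent or a device identifier and treat an IP change as a signal to step up authentication rather than an automatic revoke.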

The defense report serves as a timely reminder of the importance of employee security education and improved security controls. Cybersecurity training for all employees needs to be required on a regular basis, teaching them how to recognize cybersecurity threats and mitigate them, including thinking twice before clicking a link or approving an MFA notification and using stronger passwords.

These recent tactics have meant no decrease in overall cyber incidents. The survey shows that companies are not only still being targeted but are increasingly likely to be targeted more than once: 50% were attacked at least twice, 20.3% between 6 and 10 times, and 7.4% more than 10 times. Companies should be concerned about unwitting insider threats and about cybersecurity measures that fail to close the gaps leading to ransomware attacks. Many are unaware that undetected malware infections on personal devices are the most dangerous of those gaps. According to our threat intelligence, companies are wasting time and money on solutions that can still leave sensitive data exposed. Even if security teams can restore their companies’ data, once that data has circulated on the dark web cybercriminals can use it for more destructive activity, including their next cyberattack.

Reimaging an infected device without remediating the applications it accessed can leave large gaps in a company’s security posture. 87% of respondents said that credential-stealing malware, including RedLine Stealer, has increased their company’s concern about unmonitored personal devices as potential entry points for ransomware. Unmanaged devices are a major concern because security teams can’t monitor them for threats, including malware and third-party application exposures. Cyber defenders often underestimate their malware-related risk because they lack visibility into their entire attack surface.

Effective ransomware prevention strategies need to focus on the entry points security teams can’t see: cloaked attack surfaces, including third-party applications and unmanaged machines outside their standard monitoring purview. A single malware-infected device can compromise numerous corporate applications. Even after the malware is removed, the damage is already done; unless every affected application is properly remediated post-infection (stolen credentials rotated, active sessions and tokens revoked), doors remain open for ransomware and other critical threats. Additionally, companies need to stay vigilant about the current threat landscape and regularly update their data and network security framework.

At SpearTip, our certified engineers discover blind spots in companies that can lead to significant compromises by combining technology and internal personnel. ShadowSpear Threat Hunting allows our engineers to evaluate the effectiveness of current technical controls and identify advanced malware, including ransomware and advanced persistent threats (APTs).

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.