It’s why so many ransomware victims choose to give
Cybersecurity researchers at F-Secure set up honeypots – decoy servers facing the internet designed to be appealing to hackers – to track cyberattacks and cyber-criminal activity during the first half of 2019.
The Attack Landscape H1 2019 report details what they found, and it shows that, when it comes to ransomware, brute force is the main infection vector, accounting for 31% of attempts to deliver file-encrypting attacks.
Brute force attacks – also known as credential-stuffing attacks – see hackers attempt to compromise servers and endpoints by inputting as many passwords as possible, usually with the aid of bots, just to see if any of them work against the target. The attacks are successful due to the number of systems that use default credentials or extremely common passwords.
Remote Desktop Protocol (RDP) attacks can also be conducted in this way, with attackers attempting to guess passwords in order to remotely gain control of internet-facing endpoints. It’s also possible for hackers to use underground forums to buy the usernames and passwords required to attack previously compromised endpoints.
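For defenders, the password-guessing pattern described above is visible in logon records. The following is an added example, not taken from the F-Secure report: it flags a source that produces a burst of failed logons and separately reports a successful logon that follows such a burst. The one-line log format, the sample records, and the window and threshold values are assumptions made for illustration; 4625 and 4624 are the Windows Security event IDs for failed and successful logons.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not from the report): time, Windows event ID
# (4625 = failed logon, 4624 = successful logon), source IP, target account.
SAMPLE = """\
2019-06-01T03:10:01 4625 203.0.113.7 administrator
2019-06-01T03:10:03 4625 203.0.113.7 admin
2019-06-01T03:10:04 4625 203.0.113.7 administrator
2019-06-01T03:10:06 4625 203.0.113.7 test
2019-06-01T03:10:09 4625 203.0.113.7 administrator
2019-06-01T03:10:12 4624 203.0.113.7 administrator
2019-06-01T08:59:40 4625 198.51.100.20 jsmith
2019-06-01T09:00:05 4624 198.51.100.20 jsmith
"""

def parse(text):
    """Yield (timestamp, event_id, source_ip, account) from the assumed format."""
    for line in text.splitlines():
        ts, event_id, src, user = line.split()
        yield datetime.fromisoformat(ts), int(event_id), src, user

def detect(events, window=timedelta(minutes=5), threshold=5):
    """Return alerts for sources with >= threshold failures inside the window.

    A success from a source that is at or over the threshold is reported
    separately, because it means a guessed password probably worked.
    """
    recent = defaultdict(deque)   # source IP -> timestamps of recent failures
    alerts = []
    for ts, event_id, src, user in sorted(events):
        fails = recent[src]
        while fails and ts - fails[0] > window:
            fails.popleft()       # drop failures that fell out of the window
        if event_id == 4625:
            fails.append(ts)
            if len(fails) == threshold:   # alert once per burst
                alerts.append(("bruteforce", src, user))
        elif event_id == 4624 and len(fails) >= threshold:
            alerts.append(("success_after_bruteforce", src, user))
            fails.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE)):
        print(alert)
```

The single mistyped password from 198.51.100.20 stays below the threshold, so an ordinary user typo followed by a good logon raises no alert.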
But despite the rise in brute force attacks, spam and phishing remain a highly common attack vector for ransomware: almost a quarter of the ransomware attacks targeting F-Secure honeypots looked to deliver ransomware via email.
All it can take for an attack to potentially compromise an entire network is for one user to download a malicious attachment – especially if the network is running unpatched software or doesn’t have anti-virus. GandCrab ransomware was commonly distributed by email during the first half of this year.
Other methods attackers are using in attempts to deliver ransomware include compromised firmware, fake software, malvertising and specially constructed exploit kits – toolboxes containing various exploits for attackers to take advantage of – with each of these accounting for around 10% of attempted attacks.
With the report finding that all forms of cyberattack are on the rise, it might sound like a cause for concern for organisations of all kinds and in all sectors. However, researchers note that, with a few simple techniques, organisations can help themselves to remain secure.
These include keeping systems and applications patched and up to date, so
“Users can protect themselves by setting strong passwords to accounts, making sure RDP is used only when needed and have proper endpoint protection in place,” said Niemela.