Secureworks State of the Threat Report 2022: 52% of ransomware incidents over the past year started with compromise of unpatched remote services

Analysis of the cyber threat landscape from the Secureworks® Counter Threat Unit™ highlights key shifts in the tools and behaviors of adversaries across the world

ATLANTA, Oct. 4, 2022 /PRNewswire/ -- Secureworks® (NASDAQ: SCWX) published its annual State of the Threat Report today, revealing that the exploitation of remote services has become the primary initial access vector (IAV) in ransomware attacks over the past year, accounting for 52% of ransomware incidents analyzed by Secureworks over the period (overtaking credentials-based attacks from 2021). Alongside this, there has also been a 150% rise in the use of infostealers, making them a key precursor to ransomware. Both these factors keep ransomware the primary threat for organizations, which must fight to stay abreast of the demands of new vulnerability prioritization and patching.


The 2022 State of the Threat Report from Secureworks provides an overview of how the global cybersecurity threat landscape has evolved over the last 12 months, with a focus on the Secureworks Counter Threat Unit™ (CTU) researchers' first-hand observations of threat actor tooling and behaviors.

"We conduct thousands of incident response engagements every year. While ransomware remains the most prominent threat to businesses, we are tracking notable shifts in threat actor behaviors and their approach to campaigns. It's too simple to claim that ransomware as a service is slowing. Our research clearly shows a rise in Infostealer use and an evolution of tools and adversaries. The threat is changing, but it is not going away," states Barry Hensley, chief threat intelligence officer, Secureworks. "It's critical for organizations to stay ahead of the adversary with solutions that effectively prioritize risk, based on the most up-to-date intelligence. When businesses understand the nature of the threat, they can better focus resources and move quickly to optimize response."

Highlights from the Report Include:

  • Shift to exploiting vulnerabilities as primary initial access vector (IAV) over credentials-based attacks
  • Accelerated use of Infostealers as a means of enabling ransomware operations
  • Insights into the changing groups and threats associated with the continued dominance of ransomware
  • Changes and newcomers in the loader landscape
  • Tools and tactics of hostile government-sponsored groups across the world

The Onward March of Ransomware

Ransomware remains the primary threat facing organizations, accounting for more than a quarter of all attacks. Despite a series of high-profile law enforcement interventions and public leaks, and a small slowdown over the summer months, ransomware operators have maintained high levels of activity.

The median detection window in 2022 is four and a half days, compared to five days in 2021. The mean dwell time in 2021 was 22 days, but so far in 2022 it is down to 11 days. Companies effectively have one working week to respond to and mitigate damage.

The number of victims listed on public "Name and Shame" sites remains high, with no year-over-year reduction. Despite some monthly fluctuations, the number of victims named in the first six months of 2022 is slightly higher, at 1,307, than the 1,170 named in the first six months of 2021.

This year's Biggest Offenders based on Secureworks' incident response engagements are GOLD MYSTIC, GOLD BLAZER, GOLD MATADOR and GOLD HAWTHORNE. Notably, all of these groups are tied to Russia.

In some instances, adversaries are making use of the fear surrounding ransomware to undertake lower-tech crimes. Hack-and-leak operations, where data is stolen and a ransom is demanded but no ransomware is deployed, continued into 2022, with GOLD TOMAHAWK and GOLD RAINFOREST among the top culprits.

Vulnerabilities in Remote Services become the Biggest Issue

The 2022 State of the Threat Report from Secureworks also highlights that exploitation of vulnerabilities in internet-facing systems has become the most common initial access vector (IAV) observed. This is a change from 2021, when the dominant IAV was the use of stolen or guessed credentials.

As new vulnerabilities are discovered, developers of widely available offensive security tools used by threat actors are quick to incorporate them into their tools, often meaning that even less sophisticated threat actors are able to exploit new vulnerabilities before security teams can patch.

The Rise of Infostealers

CTU researchers have seen an increase in the sale of network access sourced from credentials acquired by information stealers. In a single day in June 2022, CTU™ researchers observed over 2.2 million credentials obtained by Infostealers available for sale on just one underground marketplace; last year this figure on the same market with respect to the same stealers was 878,429. That's an increase year on year of over 150%.

The three main stealer markets are Genesis Market, Russian Market and 2easy. There is a plethora of stealers for sale on underground forums, but some of the major ones include Redline, Vidar, Raccoon, Taurus, and AZORult.

Infostealers provide the means to quickly and easily obtain credentials that can be used for initial access, making them a major enabler of ransomware operations. Innovative distribution methods for Infostealers have included cloned websites and trojanized installers for messaging apps such as Signal.

A Change in the Loader Landscape

Between July 2021 and June 2022, two big names in the loader landscape disappeared (Trickbot and IcedID) and two returned (Emotet and Quakbot). This indicates that groups are moving away from the complex, fully featured botnets that evolved from the early banking trojans towards more lightweight loaders that are easier to develop and maintain – a trend that has only increased with the use of post-exploitation tools such as Cobalt Strike.

Understanding the Nation-state Threat

The Secureworks CTU has tracked several significant activities which can be attributed to nation-state sponsored threat groups, including their motivations, behaviors and tactics:

  • China: Chinese government sponsored groups are some of the most prolific and well-resourced threats in cybersecurity. Over the course of the ongoing Russia/Ukraine conflict, observed threat activity from Chinese government sponsored groups has targeted both Russia and Ukraine. A notable behavior from these adversaries is the use of ransomware as a smokescreen for intellectual property theft and cyberespionage, rather than for financial gain.
  • Russia: The war against Ukraine has been revealing for Russia's cyber capabilities. At the outset of the conflict there were wide fears of destructive attacks with wide scale repercussions as was seen with NotPetya in 2017. However, despite a steady cadence of cyber activity directed against Ukrainian targets, some of which is identifiably from Russian government-sponsored threat actors, no widely disruptive attacks have been successful. The most visible Russian threat group tracked by the CTU over the past year has been IRON TILDEN. This group is notable for spearphishing attacks conducted primarily against Ukraine but also against Latvia's parliament in April.
  • Iran: Links of Iranian threat groups to government have become clearer over the past year. Ransomware continues to develop as a theme across Iranian threat group activity although often it appears with the purpose of disruption rather than financial gain. Over the past year Secureworks incident responders have investigated COBALT MIRAGE ransomware attacks against organisations in Israel, the US, Europe and Australia and the team was able to identify the individuals behind the group.
  • North Korea: Multiple ransomware families have been linked to North Korea over the past 12 months, including TFlower, Maui, VHD Locker, PXJ, BEAF, ZZZZ, and ChiChi. The continued emergence and evolution of these ransomware families strongly suggests it is a stream of revenue that operators in the region will continue to pursue. Cryptocurrency and decentralized finance organizations have been a major focus of activity, and North Korean threat groups have reportedly stolen over $200 million USD from crypto exchanges since 2018.

State of the Threat 2022

The Secureworks CTU 2022 State of the Threat Report can be read in full here: https://www.secureworks.com/resources/rp-state-of-the-threat-2022

About Secureworks

Secureworks (NASDAQ: SCWX) is a global cybersecurity leader that protects customer progress with Secureworks® Taegis™, a cloud-native security analytics platform built on 20+ years of real-world threat intelligence and research, improving customers' ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.


View original content: https://www.prnewswire.co.uk/news-releases/secureworks-state-of-the-threat-report-2022-52-of-ransomware-incidents-over-the-past-year-started-with-compromise-of-unpatched-remote-services-301639388.html
