At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Most Ransomware Infections are Self-installed

    New research from managed detection and response (MDR) provider Expel found that most ransomware attacks in 2021 were self-installed. 

    The finding was included in the company’s inaugural annual report on cybersecurity trends and predictions, Great eXpeltations, published on Thursday. 

    Researchers found eight out of ten ransomware infections occurred after victims unwittingly opened a zipped file containing malicious code. Abuse of third-party access accounted for 3% of all ransomware incidents, and 4% were caused by exploiting a software vulnerability on the perimeter.

    The report was based on the analysis of data aggregated from Expel’s security operations center (SOC) concerning incidents spanning January 1 2021 to December 31 2021. 

    Other key findings were that 50% of incidents were BEC (business email compromise) attempts, with SaaS apps a top target. 

    More than 90% of those attacks were geared towards Microsoft O365, while assaults against Google Workspace accounted for fewer than 1% of incidents. The remaining 9% targeted Okta.

    Ransomware attacks accounted for 13% of all opportunistic attacks. The five most targeted industries in descending order were legal services, communications, financial services, real estate and entertainment. 

    In addition, 35% of web app compromises Expel responded to resulted in the deployment of a crypto miner.

    To protect against threats in 2022, Expel recommended implementing network layer controls to detect and block network communications to crypto mining pools and confirming event data recorder (EDR) coverage across all endpoints. 

    The company also advised forwarding computing resource alarms to a security information and event management (SIEM) software solution to flag overtaxed resources potentially deployed for crypto-jacking. 

    Other advice included defending the self-installation attack surface on Windows, deploying MFA everywhere, especially for remote access, patching and updating regularly and deploying EDR policies in block mode. 

    Users were also advised not to expose RDP (remote desktop protocol) directly to the internet. 

    “We founded Expel with a goal of bringing more transparency to security,” said Dave Merkel, CEO of Expel, on Thursday. 

    “Today we reach a new milestone tied to that commitment – we’re sharing the most important threats and trends our SOC identified last year and their advice on what to do about them.”

    With thanks to the Cyber Defence Alliance and info-Security Magazine. The full story is here: https://www.infosecurity-magazine.com/news/most-ransomware-infections-self/

    New-school security awareness training helps your users make smarter security decisions and stay on their toes with security top of mind. 

    Request A Demo: Security Awareness Training

    products-KB4SAT6-2-1

    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

    Save My Spot!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top