    “Skillful Social Engineering of the IT Support Desk” One of the Most Common Tactics in Ransomware Attacks

    As ransom payments reach an all-time high, it’s time to look at attacks from a data perspective and find the greatest opportunities to stop these attacks.

    Every quarter, I’ve been covering the Quarterly Ransomware Reports from ransomware response company Coveware.  In their latest report covering Q3 of this year, we get a greater sense of what trends their security researchers are seeing from the data:

    • The average ransom payment jumped by 15% to just over $850K
    • The median size of targeted companies remains in the mid-market, at around 350 employees
    • We’re constantly seeing new players in the market – Q3’s number one player, Akira, was first spotted in Q2 and now is the top variant seen in attacks
    • “Unknown” has taken the top spot as the most prevalent initial attack vector

    This last one is interesting. If you’ve read my coverage of these reports before, you know how much I harp on “email phishing” being at or near the top of initial attack vectors. But Coveware makes some interesting commentary on why “Unknown” is at the top.

    “A continued reliance of ransomware actors on access brokers who may establish a foothold weeks or months ahead of the actual incident, whose access points cannot be confidently proven due to the expiration of critical forensic artifacts from the time of initial access.”

    They also mention that “Stolen/leaked VPN credentials continue to be a valuable resource for big game hunters who leverage these persistent, legitimate access points without triggering the same alarms that leveraging a malicious foothold might set off.”

    Lastly, “Phishing remains prevalent despite the disruption of the Qbot botnet. Recent examinations of our data suggest phishing is more likely to be the predecessor to a data-theft-only extortion attack than it is for encryption-focused attacks.”

    It’s the complex nature of multiple threat groups working together via the cybercrime ecosystem – each playing a smaller role in what becomes a larger single attack – that creates the “inconclusive” nature of the initial attack vector.  But if you are reading between the lines of the commentary above from Coveware, it does become evident that both phishing and social engineering – something security awareness training helps fend against – are very much playing a role in these attacks.
