"Most Ransomware Infections are Self-installed"

New research from managed detection and response (MDR) provider Expel found that most ransomware attacks in 2021 were self-installed. The finding was included in the company’s inaugural annual report, Great eXpeltations. Researchers found that eight out of ten ransomware infections occurred after victims unwittingly opened a zipped file containing malicious code. Abuse of third-party access accounted for 3% of all ransomware incidents, and 4% were caused by exploiting a software vulnerability on the perimeter. The report was based on analysis of data aggregated from Expel’s security operations center (SOC) concerning incidents spanning January 1, 2021 to December 31, 2021.

Other key findings in the report were that 50% of incidents were BEC (business email compromise) attempts, with SaaS apps a top target. More than 90% of those attacks were geared towards Microsoft 365, while assaults against Google Workspace accounted for fewer than 1% of incidents. The remaining 9% targeted Okta. The researchers stated that ransomware attacks accounted for 13% of all opportunistic attacks. The five most targeted industries, in descending order, were legal services, communications, financial services, real estate, and entertainment.

The researchers noted that 35% of the web app compromises Expel responded to resulted in the deployment of a crypto miner. Expel recommends that organizations implement network layer controls to detect and block network communications to crypto mining pools. Organizations should also confirm endpoint detection and response (EDR) coverage across all endpoints to protect against threats in 2022.

 

Infosecurity reports: "Most Ransomware Infections are Self-installed"
