"Bug Exploitation Now Top Ransomware Access Vector"

Security researchers at Secureworks found that vulnerability exploitation accounted for 52% of ransomware incidents over the past 12 months, making it the number one initial access vector for threat actors.  The researchers stated that exploitation of bugs in internet-facing systems was most favored by ransomware actors last year, rather than the use of credentials, often associated with remote desktop protocol (RDP) compromise and malicious emails.  The researchers noted that this shift in tactics may be down to a broader imbalance between threat actor and network defender capabilities.  The researchers stated that even with this shift, security teams still must guard against the persistent threat of credential-based attacks.  The researchers noted a 150% year-on-year increase in the use of info-stealers designed to grab credentials and gain a foothold on networks.  On a single day in June this year, the researchers claimed to have observed over 2.2 million credentials obtained by info-stealers, which were made available for sale on an underground marketplace.  The researchers stated that ransomware remains the number one threat for global organizations, accounting for more than a quarter of attacks analyzed.  The researchers noted that most threats are linked to Russian cybercrime groups.  During their research, the researchers also found that the median dwell time for attackers fell from 22 days in 2021 to 11 days so far this year.  The researchers stated that this is good news, but it still leaves attackers with plenty of time to steal data and deploy ransomware payloads.

Infosecurity reports: "Bug Exploitation Now Top Ransomware Access Vector"