Cybersecurity: Compromised Passwords Leading Cause of Ransomware Attacks

by John Jenkins

December 10, 2025

A recent Robinson Cole blog cites some scary data from Beazley Security’s Third Quarter Threat Report. This excerpt from the blog highlights the most common paths for ransomware attacks:

Significantly, the report notes that “the most common entry point was the use of valid, compromised credentials to access VPN infrastructure, which continued to grow in distribution this quarter. This trend underscores the importance of ensuring that multifactor authentication (MFA) is configured and protecting remote access solutions and that security teams maintain awareness and compensating controls for any accounts where MFA exceptions have been put in place.”

The next category was the exploitation of internet-facing systems and services. A smaller subset included “search engine optimization (SEO) poisoning attacks and malicious advertisements, observed as a method used for initial access in some Rhysida ransomware investigations. This technique places threat actor-controlled websites at the top of otherwise trusted search results, tricking users into downloading fake productivity and administrative tools such as PDF editors.”

The Beazley report also found, among other things, that ransomware activity increased sharply during August and September, and that the largest ransomware operators, Akira, Qilin, and INC Ransomware, accounted for 65% of all ransomware cases during the quarter.