Vulnerability exploitation is top initial access vector for ransomware

Image from Unsplash

Ransomware remains the primary type of cyberattack targeting organizations, but the ransomware attack vector has shifted in 2022.

The State of the Threat Report from Secureworks found that cyber vulnerability exploitation in remote services has become the primary initial access vector (IAV) in ransomware attacks over the past year, accounting for 52% of ransomware incidents and overtaking the top spot from credential-based attacks from 2021.

Ransomware continues to remain the primary threat facing organizations, accounting for more than a quarter of all attacks, according to the report. The median detection window for ransomware in 2022 is four and a half days, compared to five days in 2021. The mean dwell time in 2021 was 22 days, but so far in 2022 is down at 11 days.

The exploitation of vulnerabilities in internet-facing systems has become the most common initial access vector observed. This is a change from 2021, when the dominant IAV was the use of stolen or guessed credentials.

As new vulnerabilities are discovered, developers of widely available offensive security tools used by threat actors are quick to incorporate new vulnerabilities into their tools, often meaning that even less sophisticated threat actors are able to exploit new vulnerabilities before security teams can patch.

For more cyber threat information, read the report.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.