Only a Fifth of Ransomware Attacks Now Encrypt Data


Ransomware actors are largely eschewing encryption, with at least 80% of attacks last year focusing solely on exfiltrating data, as it is quicker and easier, according to ReliaQuest.

The threat intelligence vendor claimed in its Annual Cyber-Threat Report that exfiltration-only ransomware attacks are 34% faster.

After initial access, “breakout time” typically takes just 48 minutes, although some groups manage to achieve lateral movement in as little as 27 minutes, giving network defenders little time to react.

ReliaQuest highlighted several trends from 2024 worth noting.

Service accounts were a major Achilles heel last year, with compromised accounts present in 85% of breaches.

These are often overprivileged but then forgotten by security administrators, providing an easy and attractive target for threat actors. “Kerberoasting” and credential dumping are popular techniques for compromising such accounts.

The report also drew attention to the problem of insufficient logging, which leaves massive detection blind spots for adversaries to exploit, and claimed that this is the number one cause of breaches.

Finally, two-thirds of critical hands-on-keyboard incidents involved legitimate software like remote access tools last year, and a quarter of active intrusions started with exploitation of public-facing applications, according to the report.

ReliaQuest recommended organizations improve security posture via the following:

  • Use AI and automated workflows to reduce mean-time-to-contain threats
  • Improve detections by enhancing monitoring/logging
  • Ensure all devices are monitored and protected with endpoint security
  • Use secure VPNs because those lacking multifactor authentication (MFA) or device-based certificates allow attackers to exploit stolen credentials and gain network access
  • Limit external exposure by patching vulnerabilities in internet-facing devices promptly
  • Maintain vigilance around social engineering tactics, especially those targeting IT teams

Michael McPherson, ReliaQuest SVP of technical operations, argued that acting quickly is critical when it comes to cybersecurity.

“Attackers are moving faster than ever, which means our defenses must speed up as well. Manual responses are no longer sufficient to stop today’s threats,” he added.

“We have to take advantage of automation and AI to stay ahead. Agentic AI is now taking this even further and is capable of processing security alerts 20 times faster than traditional methods with 30% greater accuracy at identifying true threats to the business.”


