In research covering 37 countries and 36 different ransomware groups, Barracuda’s annual Threat Spotlight shows that nearly 44% of ransomware attacks were spotted during lateral movement. Barracuda, a leading provider of cloud security solutions, found that 25% of incidents were detected when the attackers wrote or edited files and 14% when their behaviour didn’t align with known activity patterns.
The research explored ransomware attack patterns over the last 12 months, from August 2023 to July 2024, analysing a sample of 200 reported incidents. It concluded that 21% of attacks hit healthcare systems, which is up by 18% from the previous year. In a similar pattern, 15% of attacks were against the manufacturing sector and 13% targeted technology companies. Surprisingly, attacks on the education sector fell from 18% to 9% compared with the previous year.
Ransomware-as-a-Service (RaaS) was the most prevalent ransomware attack model. The research also showed that LockBit was behind 18% of the attacks where the identity of the attacker was known. ALPHV/BlackCat accounted for 14% of the attacks, while Rhysida was behind 8% of them.
Adam Khan, VP, Global Security Operations at Barracuda Networks, commented on the issue: “Fortunately, there are tried and tested approaches that most attackers rely on, such as scanning, lateral movement, and malware download. These can trigger security alerts that provide security teams with several opportunities to detect, contain, and mitigate ransomware incidents before they have a chance to fully unfold. This is particularly important in IT environments where not all machines are completely secured.”
The company also conducted detailed research into PLAY and 8base ransomware attacks, which found that attackers try to establish a foothold on unprotected systems by hiding malicious files in rarely used music and video folders, and from there launch the next stage of their attack.
Fragile IT environments are prone to such attacks, which can impair sensitive data, so it is recommended that multilayered, AI-powered defence mechanisms be put in place to minimize the impact. Additionally, sectors must strengthen their authentication and access policies and provide security awareness training for employees to create a secure environment against cyberattacks.
From: financialexpress