Ransomware Assaults Destroy Equipment in Less Than Four Days

According to recent reports, ransomware attacks in 2021 lasted an average of 92.5 hours from initial network access to malware release. Ransomware attackers spent an average of 230 hours in 2020, compared to 1637.6 hours in 2019. This shift reflects a more streamlined approach that has evolved over time to improve the profitability of large-scale operations. Improvements in incident response and threat detection, on the other hand, have forced threat actors to move faster, leaving defenders with a narrower reaction margin.

Access Brokers and Ransomware Operators

Researchers from IBM’s X-Force team gathered the data from incidents analyzed in 2021. They also found that initial access brokers and ransomware operators were working together more closely. Previously, network access brokers would have to wait many days, if not weeks, to find a buyer for their network access.

Furthermore, several ransomware gangs now have direct control over the original infection channel, with Conti assuming control of the TrickBot malware operation as one example. Malware that infiltrates corporate networks is promptly exploited to enable the attack’s post-exploitation stages, which can take minutes to complete.

Ransomware actors commonly use Cobalt Strike for interactive sessions, RDP for lateral movement, Mimikatz and LSASS dumps for credentials, and SMB + WMIC and PsExec for spreading payloads across the network. Many of the same tools were used by ransomware actors in 2019, but to varying degrees.

Need Faster Detection

According to the researchers, threat detection and response performance improved in 2021 compared to 2019, but not by enough. Endpoint detection systems are the most notable improvement in this area. Only 8% of targeted firms had this capability in 2019, but by 2021, that number had risen to 36%.

Moreover, IBM X-Force data on security tool alerts shows that in 2019, 42 percent of attacked firms received timely warnings. Last year, alerts were raised in 64 percent of network intrusion incidents. While these numbers suggest that detection is improving, there is still a considerable gap that threat actors can exploit.
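To illustrate how the tooling listed earlier can be detected inside that narrow reaction window, the following Python example (added here, not taken from IBM X-Force or the original article) matches process command lines against those tools and raises the severity when credential access is followed by remote execution on the same host. The patterns, host names, sample events and the 30-minute window are assumptions constructed for the example.

```python
import re
from datetime import datetime, timedelta

# Command-line patterns for tools the article names (illustrative, not exhaustive).
RULES = {
    "credential_access": re.compile(
        r"mimikatz|sekurlsa::|(procdump|\.dmp).*lsass|lsass.*\.dmp", re.I),
    "remote_exec": re.compile(
        r"psexec\S*\s+.*\\\\\S+|wmic\S*\s.*/node:\S+.*process\s+call\s+create", re.I),
}

# Constructed process-creation events: (ISO time, host, command line).
EVENTS = [
    ("2024-01-01T10:02:11", "ws-014", r"cmd.exe /c whoami"),
    ("2024-01-01T10:05:40", "ws-014", r"mimikatz.exe"),
    ("2024-01-01T10:10:00", "ws-077", r"wmic os get caption"),
    ("2024-01-01T10:19:03", "ws-014", r'wmic /node:fs-02 process call create "cmd /c hostname"'),
    ("2024-01-01T11:30:00", "ws-077", r"PsExec64.exe \\fs-03 hostname"),
]

def classify(cmdline):
    """Return the tactic label for a command line, or None if nothing matches."""
    for tactic, pattern in RULES.items():
        if pattern.search(cmdline):
            return tactic
    return None

def correlate(events, window=timedelta(minutes=30)):
    """Alert on every hit; mark remote execution 'high' when it follows
    credential access on the same host within `window`."""
    last_cred = {}  # host -> time of the most recent credential-access hit
    alerts = []
    for ts, host, cmdline in sorted(events):  # ISO timestamps sort chronologically
        when = datetime.fromisoformat(ts)
        tactic = classify(cmdline)
        if tactic == "credential_access":
            last_cred[host] = when
            alerts.append((host, ts, "medium", tactic))
        elif tactic == "remote_exec":
            chained = host in last_cred and when - last_cred[host] <= window
            alerts.append((host, ts, "high" if chained else "medium", tactic))
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Chaining the two tactics per host gives responders a priority signal well before encryption begins, while single hits stay visible at lower severity.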

Conclusion

Despite the security improvements, ransomware remains a big concern, since attackers have chosen a more focused approach, relying on manual hacking to move within the victim network and keep a low profile until the attack’s last stage, system encryption.

Ransomware attackers have also improved their speed. In April 2022, an IcedID malware infection resulted in the deployment of Quantum ransomware in just 3 hours and 44 minutes, according to a case study. In addition, the encryption procedure is now much faster. Once it has started, it is often impossible to halt before it does significant damage.
