Dive Brief: Remote-access tools were the primary intrusion point for ransomware attacks, accounting for 3 in 5 attacks last year, cybersecurity insurance firm At-Bay said Wednesday in a report.
Attackers primarily targeted perimeter-access tools in 2023, but shifted their focus from remote desktop protocol to self-managed VPNs. These on-premises VPNs were linked to more than 3 in 5 ransomware attacks where remote access was the initial entry vector, according to At-Bay.
Network devices are common targets for financially motivated and nation-state-linked attackers.
Vulnerabilities in devices sold by Barracuda, Cisco, Citrix, Fortinet, Ivanti, Palo Alto Networks and others were widely exploited during the last year.
Ivanti zero-day exploits were linked to intrusions at Mitre Corp. and the Cybersecurity and Infrastructure Security Agency.
Boeing and Comcast were both impacted by attacks linked to exploits of the Citrix vulnerability, dubbed CitrixBleed.
Self-managed VPNs, especially the most popular among enterprises, were more troublesome with respect to ransomware attacks than cloud-managed VPNs or no VPN at all, according to At-Bay research.
Attackers are targeting everyone in the remote-access business and they don't always need to break in with exploits, Iram said.
At-Bay's report is based on claims information it received from customers and claims data analyzed by the insurer's researchers.
The company is currently fielding about 200 claims a month, according to Iram.
This Cyber News was published on www.cybersecuritydive.com. Publication date: Fri, 17 May 2024 10:43:06 +0000