These devices exist outside of direct corporate management and provide a ransomware gang with unchecked platforms for encrypting data.
Microsoft's fourth annual Digital Defense Report for 2023 reveals that 80% of all ransomware compromises come from unmanaged devices and that 60% of those attacks use remote encryption.
Unmanaged devices consist of any device that connects to the network, cloud resources, or other assets without corporate-controlled security.
Some of this 11% includes the common and recurring problem of overlooked legacy endpoints such as laptops, desktops, and mobile devices.
This category also includes routers, switches, and Internet of Things devices that can't install traditional endpoint protection such as antivirus or endpoint detection and response solutions.
BYOD devices are another significant source of unmanaged devices, one unique to our post-pandemic working environment, as many remote workers connect to corporate resources using their own devices.
Remote encryption performs the ransomware encryption on a device that sits beyond the reach of the security solutions monitoring for malicious activity.
Ransomware attackers seek access to devices with sufficient local memory to perform resource-intensive encryption.
The US Cybersecurity and Infrastructure Security Agency estimated that 90% of all successful attacks begin with phishing, which points at users' devices instead of routers, IoT, and other types of unmanaged endpoints.
While attackers often navigate laterally, network devices and IoT also lack the available memory to be common platforms for high-volume encryption.
The best practice for security software installation starts with the primary user devices.
Users typically don't use old and slow legacy devices to check email, and those devices typically lack the computing power that attackers need to perform remote encryption.
Various tools can be used for the key steps in these processes: add managed connections for BYOD devices, monitor data traffic and sources, and eliminate unmanaged corporate assets.
Add managed connections to BYOD devices to prevent completely unmonitored and unmanaged connections.
These solutions provide both indirect and direct control over BYOD devices without the need to install endpoint protections directly on the BYOD devices.
Basic VPN and IPS focus on the connections between internal resources and external threats, which ignores network devices or trusted VPN connections.
Anomaly detection, often enhanced using artificial intelligence, can both improve detection and block activity, but only when traffic routes through these devices.
Although BYOD may pose a more likely risk, asset control remains fundamental to security and the risk posed by the 11% of unmanaged devices must be addressed.
Attackers eagerly exploit unmanaged devices to perform remote ransomware encryption out of the sight of otherwise-effective security tools.
Every organization without effective asset discovery risks having unmanaged assets within the network, but BYOD introduces the more likely risk, at least today, for both ransomware attacks and remote encryption.
This Cyber News was published on www.esecurityplanet.com. Publication date: Thu, 11 Jan 2024 22:13:04 +0000