In previous blogs, we focused on how cybercriminals utilise vulnerabilities in Remote Desktop Protocol (RDP), email and supply chains to drop ransomware onto an organisation’s systems. Although these are popular methods, they are by no means the only techniques used by those with malicious intent.
Zero-day vulnerability
While cybercriminals can benefit from exploiting both known and unknown vulnerabilities, laying hands on a zero-day vulnerability is seen as the mother lode for bad guys. This is because a zero-day vulnerability is either unknown to the vendor in question, or known but not yet fixed by a patch.
While zero-day vulnerabilities are generally the preserve of advanced persistent threat (APT) groups or state-sponsored actors because of the sheer time and resources required, this is not the time to switch off. A zero-day vulnerability is a serious business and something that businesses large and small need to be wary of. It is a constant game between cybercriminals finding vulnerabilities and vendors racing to plug the gaps. It happens with unerring regularity too. Barely a week goes by without a new zero-day vulnerability being discovered and dominating news column inches worldwide.
Long shelf-life vulnerabilities
It is not just zero-day vulnerabilities that organisations need to be cautious of. It’s almost five years on and the WannaCryptor (also known as WannaCry) ransomware is still a global threat to be reckoned with. The infamous trojan, which compromises machines vulnerable to the EternalBlue exploit, topped ESET’s ransomware detection charts last year, accounting for over one in five (21.3%) of all detections in T2 2021.
Unfortunately, the long shelf life of vulnerabilities like the one WannaCryptor exploits points toward poor update and patch management strategies in organisations. The importance of patch management mustn’t be underestimated. Patching systems closes off potential avenues of attack and can prevent ransomware from getting into your organisation or, if it does get in, reduce the damage.
Virtual private network (VPN)
The third vulnerability security admins and business owners need to treat seriously is the incorrect use of a virtual private network. With workers forced to work from home during the pandemic, global usage of VPNs exploded. VPN providers had to flex major muscle to handle the increase in overall internet traffic seen, not just from remote workers, but from those furloughed and on an entertainment streaming frenzy. According to independent research, demand for VPNs increased by 44% at the start of the pandemic and remains 22% higher than pre-pandemic levels.
However, workers’ use of VPNs brings the additional responsibility of keeping the product updated as required. Not only should timely updates be pursued with vigour, but organisations should also insist that workers use multifactor authentication when signing into the VPN. Organisations should not take any chances and should pursue comprehensive account resets if suspicions of credential abuse arise.
Ransomware is everywhere
Unfortunately, ransomware is everywhere. For further details on the techniques cybercriminals use to try to infiltrate your systems and data, please read the other parts in our ransomware series. However helpless the situation may seem, be sure that providers are working tirelessly at fixing bugs and ensuring your security. Having a reliable digital security provider is key to minimising risks. Ensure you don’t cut corners but implement a comprehensive, award-winning security solution.