According to Kaspersky Incident Response Analyst Report, “The nature of cyber incidents”, almost 43% of ransomware attacks investigated by Kaspersky experts in 2022 started with public facing applications’ exploitation.
Public facing applications are the ones that the public can access. These include web applications, mobile apps and VPN gateways.
An exploitation could be a software bug, a temporary glitch, or a misconfiguration. Hackers exploit these weaknesses to access a network. The report also found that the longest-running ransomware attacks began with the exploitation of public-facing applications.
Other sources of ransomware attacks
Data from previously compromised user accounts and malicious emails with 24% and 12%, respectively, are the next two major sources of ransomware attacks.
According to a separate IT Security Economics report, more than 40% of companies faced at least one ransomware attack in 2022 and SMBs spent an average of $6,500 for the data recovery. When it comes to large enterprises, the ransom amount averaged at $98,000.
“These figures reveal that ransomware attacks are still widespread and can hit any company at any time,” the report noted.
Hackers want user data
The report highlighted that the attackers’ goal was not extortion or data encryption, but the mining of personal data, intellectual property, and other sensitive information.
In most of these cases, known credentials had already been compromised.
“Continuing security issues with passwords, software vulnerabilities and social engineering become initial access vectors for attackers and provide them endless ways to perpetrate ransomware activities,” said Konstantin Sapronov, head of global emergency response team at Kaspersky.
In order to save business, companies are advised to set up and control a password policy, patch management, raise employee awareness and take regular anti-phishing measures.