Average time to complete a ransomware attack drops from months to days.
IBM's X-Force on the state of ransomware.
IBM has published its X-Force Threat Intelligence Index for 2023, finding that the most common impact from cyberattacks in 2022 was extortion.
Data theft extortion.
More than a quarter (27%) of attacks observed by IBM resulted in attempted extortion. Most of these involved data theft via ransomware or business email compromise (BEC) attacks. X-Force notes that attackers are finding new ways to turn up the heat in extortion attacks:
“Ransomware is a well-known method of extortion, but threat actors are always exploring new ways to extort victims. One of the latest tactics involves making stolen data more accessible to downstream victims. By bringing customers and business partners into the mix, operators increase pressure on the breached organization. Threat actors will continue experimenting with downstream victim notifications to increase the potential costs and psychological impact of an intrusion – making it critical that businesses have a customized incident response plan that also considers the impact of an attack on downstream victims.”
Time to complete a ransomware attack falls from months to days.
The researchers also note that the average time to complete a ransomware attack has decreased dramatically over the past several years. In 2019, threat actors would usually spend more than two months setting up their attacks. By 2021, they could achieve their goal in just under four days.
The report stresses that misconfigured or vulnerable domain controllers can open the door to ransomware:
“One particularly damaging way ransomware operators distribute their payload across a network is by compromising domain controllers. A small percentage, approximately 4%, of network penetration test findings by X-Force Red revealed entities that had misconfigurations in Active Directory that could leave them open to privilege escalation or total domain takeover. In 2022, X-Force also observed more aggressive ransomware attacks on underlying infrastructure, such as ESXi and Hyper-V. The potentially high impact of these attack methods underscores the importance of securing domain controllers and hypervisors properly.”