More than half of 2023's ransomware attacks exploited remote access vulnerabilities
In 2023, ransomware claims increased 64% compared with the year prior, At-Bay reports.
Ransomware did not just increase during 2023, it evolved as hackers increasingly leveraged “indirect” ransomware attacks and focused more attention on cracking remote access tools, according to At-Bay, Inc. In 2023, 58% of ransomware incidents exploited weaknesses in remote access systems.
The cyber insurance provider noted that hackers target remote access tools because they are gateways to the network, At-Bay reported. In addition, remote access programs typically lack strong security controls, and are often misconfigured or poorly managed.
More than 60% of attacks where remote access was the entry vector were tied to self-managed VPNs, according to At-Bay.
This is a shift from prior years when hackers mainly targeted weaknesses in remote desktop protocol (RDP) as the initial point of entry. The change occurred because organizations strengthened security around RDP infrastructure.
At-Bay reported that this data could be skewed slightly, as its underwriting systems are designed to detect risky RDP configurations.
As such, most other cybersecurity firms are still reporting RDP-based attacks as the leading ransomware issue. However, VPN-focused attacks are “catching up in terms of an initial entry vector,” according to the cyber insurance provider.
Popular self-managed VPNs from Cisco and Citrix were 11 times more likely to fall victim to a direct ransomware attack when compared with cloud-managed VPNs or having no VPN at all.
More ‘indirect’ ransomware attacks
During 2023, there was a 64% year-on-year increase in ransomware attacks. This growth was primarily driven by indirect ransomware attacks, which increased 415% this past year. An indirect attack is one where an organization is impacted by a successful cyberattack on a vendor or partner.
Direct ransomware attacks increased 17% in 2023, At-Bay reported.
Much of the growth of indirect attacks stems from the MOVEit event, which saw hackers exploit vulnerabilities in the file transfer software that was used by thousands of organizations.
Although ransomware claims frequency increased this past year, the cost on a per claim basis declined 24% in 2023 as more businesses successfully restored data from backups, At-Bay reported. Companies that cannot restore data from backups were three times more likely to pay a ransom and faced higher business interruption costs.
Related: