We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
Today, IBM X-Force unveiled research that examined more than 150 ransomware engagements from the past three years and discovered there was a major decrease in the overall time between initial access and ransom requests.
The study revealed there was a 94.34% reduction in the average duration of ransomware attacks between 2019 and 2021, from over two months to just a little more than three days.
One of the main culprits for the increase in attack speed was found to be the initial access broker economy and ransomware-as-a-service (RaaS) industry. These provide cybercriminals with a repeatable ransomware attack lifecycle, with low-risk, high reward threats like the ZeroLogon vulnerability and CobaltStrike.
This has been worsened by MalSpam campaigns like BazarLoader and IcedID that increase the speed of access that have given security teams even less time to react before data is encrypted or exfiltrated.
Why are ransomware attacks on the rise
The research comes shortly after the release of Verizon’s Data Breach Investigations Report (DBIR) revealed that ransomware increased by 13% this year, and made up a total of 25% of security incidents.
As the RaaS industry becomes more developed, cybercriminals are developing highly effective and repeatable techniques they can use to break into enterprise environments, at a speed that most security teams cannot keep up with, particularly if they’re short-staffed or under-resourced.
“The criminal economies that support ransomware have continued to operationalize the business of ransomware and we’ve seen large increases in efficiency through things like the ransomware-as-a-service model, which has significantly lowered the barrier of entry for criminals to join in on the ransomware business or the rise of the initial access broker economy, which has dramatically increased the number of potential victims,” said John Dwyer, head of research at IBM Security X-Force.
Recent research from IBM found that the average breach lifecycle takes 287 days, with organizations taking 212 days to initially detect a breach and 75 days to contain it.
How enterprises can respond to fast-tracked ransomware
With the growth in these malicious campaigns, organizations need to take a more proactive approach to security if they want to keep ransomware attacks at bay.
“The research reaffirms the need for businesses to adopt a Zero Trust architecture, to reduce the pathways we’re seeing adversaries currently used to execute these attacks and to make it harder and more time-consuming for them to succeed,” Dwyer said.
Dwyer recommends that organizations prepare and practice their response process so they’re prepared for scenarios when security protections fail, with incident response playbooks to guide users on how to respond.
Enterprises can work to reduce the risk of intrusion by educating employees on security best practices, advising them not to click on links or attachments in emails from unknown senders, showing them how to select strong passwords and encouraging them to regularly patch the devices and applications they use.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.