Ransomware detection improves but attacks persist

Defenders have become more successful at detecting and preventing ransomware, but even so its share of incidents declined only four percentage points from 2021 to 2022.

The latest X-Force Threat Intelligence Index from IBM Security also finds that attackers continue to innovate, with the average time to complete a ransomware attack dropping from two months down to less than four days.

The deployment of backdoors, allowing remote access to systems, emerged as the top action by attackers last year. About 67 percent of those backdoor cases related to ransomware attempts, where defenders were able to detect the backdoor before ransomware was deployed. The uptick in backdoor deployments can be partially attributed to their high market value. X-Force has observed threat actors selling existing backdoor access for as much as $10,000, compared to stolen credit card data, which can sell for less than $10 today.

"The shift towards detection and response has allowed defenders to disrupt adversaries earlier in the attack chain -- tempering ransomware's progression in the short term," says Charles Henderson, head of IBM Security X-Force. "But it's only a matter of time before today's backdoor problem becomes tomorrow's ransomware crisis. Attackers always find new ways to evade detection. Good defense is no longer enough. To break free from the never-ending rat race with attackers, businesses must drive a proactive, threat-driven security strategy."

Among other findings from the report are that extortion is the most common impact of attacks in 2022, primarily achieved through ransomware or business email compromise attacks. Europe is the most targeted region for this method, representing 44 percent of extortion cases observed, as threat actors seek to exploit geopolitical tensions.

Email thread hijacking has also seen a significant rise in 2022, with attackers using compromised email accounts to reply within ongoing conversations posing as the original participant. X-Force observed the rate of monthly attempts increase by 100 percent compared to 2021 data.

The full report is available from the IBM site.

Photo Credit: Carlos Amarillo/Shutterstock