Digging Out the Most Common Ransomware Vectors in 2020
Blog: NASSCOM Official Blog
“How” is probably the first thing that comes to our mind when we witness our systems getting infected with ransomware. Cybercriminals make use of a variety of techniques to inject malicious code into targeted systems and encrypt/exfiltrate sensitive data. Today, we will highlight the most common ransomware vectors used by hackers in 2020 so far.
- Remote Desktop Protocol (RDP) Compromise: RDP is a communication protocol commonly used to log in to Windows computers remotely over a network connection. It has become a very common means of infecting networks and deploying ransomware. Nearly 60% of all ransomware attacks are a result of poorly secured RDP access points/ports. SamSam, GandCrab, CryptON and CrySIS are some of the common ransomware variants that spread via RDP.
The security of RDP is undermined mainly by poor password practices among users, which make it easy for attackers to break in and harvest credentials. Hackers use credential stuffing and brute-force attacks to guess login credentials and gain access to the target machine. Attackers can now also buy RDP credentials for a very low price on the dark web. Once they have the credentials, an attacker can easily circumvent existing security controls and start causing damage: deleting or encrypting data backups, deploying ransomware, leaving a backdoor for future attacks, and so on.
Some best practices to boost the security of the RDP include:
- Use strong passwords
- Change the default RDP port from 3389 to a non-standard port
- Implement two-factor authentication
- Conduct regular vulnerability scans
- Maintain logs and monitor RDP access
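The last item, logging and monitoring, is the one that catches the credential stuffing and brute forcing described above while it is happening. The script below is an added example for this post, not code from the original article or its author. It scans Windows logon events (Security Event ID 4625 for failures, 4624 for successes, LogonType 10 for RDP sessions) for sources that fail repeatedly within a short window, and raises a higher-severity alert when such a source later logs in successfully. The one-line-per-event text format and all addresses and account names are constructed; a real export from the Security log or a SIEM has different field names and would be normalised into this shape first.

```python
"""Flag RDP brute-force / credential-stuffing activity from Windows logon events.

Added example for this post, not code from the original article or its author.
Windows records failed logons as Security Event ID 4625 and successes as 4624;
LogonType 10 (RemoteInteractive) is the RDP case. The one-line-per-event text
format below is a constructed, pre-normalised export (as a SIEM or log forwarder
would produce); real events are EVTX/XML with different field names.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one scanner (203.0.113.7) sprays several accounts and then
# logs in successfully; a legitimate user (198.51.100.20) mistypes once.
SAMPLE_LOG = """\
2020-06-01T10:00:01Z EventID=4625 LogonType=10 Account=Administrator SourceIP=203.0.113.7
2020-06-01T10:00:02Z EventID=4625 LogonType=10 Account=admin SourceIP=203.0.113.7
2020-06-01T10:00:03Z EventID=4625 LogonType=10 Account=backup SourceIP=203.0.113.7
2020-06-01T10:00:04Z EventID=4625 LogonType=3 Account=svc_sql SourceIP=198.51.100.20
2020-06-01T10:00:05Z EventID=4625 LogonType=10 Account=jsmith SourceIP=198.51.100.20
2020-06-01T10:00:06Z EventID=4625 LogonType=10 Account=test SourceIP=203.0.113.7
2020-06-01T10:00:07Z EventID=4625 LogonType=10 Account=guest SourceIP=203.0.113.7
2020-06-01T10:00:08Z EventID=4625 LogonType=10 Account=jsmith SourceIP=203.0.113.7
2020-06-01T10:00:20Z EventID=4624 LogonType=10 Account=jsmith SourceIP=198.51.100.20
2020-06-01T10:00:30Z EventID=4624 LogonType=10 Account=jsmith SourceIP=203.0.113.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"Account=(?P<acct>\S+) SourceIP=(?P<ip>\S+)$"
)


def parse_line(line):
    """Parse one normalised event line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "event_id": int(m["eid"]),
        "logon_type": int(m["lt"]),
        "account": m["acct"].lower(),
        "ip": m["ip"],
    }


def detect_rdp_bruteforce(lines, threshold=5, window=timedelta(minutes=10)):
    """Return alerts for sources with >= threshold RDP failures inside `window`,
    plus a higher-severity alert if such a source later logs in successfully."""
    events = [e for e in map(parse_line, lines) if e and e["logon_type"] == 10]
    events.sort(key=lambda e: e["ts"])
    failures = defaultdict(list)   # source IP -> failure timestamps inside the window
    accounts = defaultdict(set)    # source IP -> account names tried
    flagged, alerts = set(), []
    for e in events:
        ip = e["ip"]
        if e["event_id"] == 4625:
            cutoff = e["ts"] - window
            failures[ip] = [t for t in failures[ip] if t >= cutoff] + [e["ts"]]
            accounts[ip].add(e["account"])
            if len(failures[ip]) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"type": "bruteforce", "ip": ip,
                               "failures": len(failures[ip]),
                               "accounts": sorted(accounts[ip])})
        elif e["event_id"] == 4624 and ip in flagged:
            # A success from a source that was spraying credentials is the
            # signal that matters most: that account is probably compromised.
            alerts.append({"type": "success_after_bruteforce", "ip": ip,
                           "account": e["account"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

Run against the sample, the scanner trips the threshold on its fifth failure and is reported again when it logs in as `jsmith`; the legitimate user's single typo never reaches the threshold. The `threshold` and `window` values are starting points to tune against your own baseline of failed logons.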
- Phishing Emails: Emails carrying malicious URLs or attachments have been the preferred attack vector of ransomware operators for years. So far in 2020, threat actors have continued to succeed in tempting victims to click a malicious link that redirects to an infected website, or to download a malicious attachment, after which the ransomware is downloaded automatically.
Attackers have refined their email subjects to catch the victim's attention and make the mail look genuine. For instance, some common ransomware strains have been found using subjects such as overdue invoices, account discontinuation and undelivered packages. Beyond the subject line, some ransomware operators have also been observed using geography-specific language in their emails to target victims.
Here are some preventive tips that may help you avoid falling victim to phishing:
- Conduct a security awareness program to educate employees about evolving cyber threats and attack vectors
- Follow good cyber hygiene
- Open attachments only from trusted senders
- Hover over an embedded link to see where it really goes before clicking
- Check the sender's email address first, and treat anything that looks suspicious as such
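The last three tips can be checked programmatically before a message ever reaches a user. The script below is an added example for this post, not code from the original article or its author: it compares the displayed sender with the real address, looks for the lure subjects the post names, and compares the visible text of each link (what the user sees when hovering) with its `href` (where it really goes). The two sample messages, their domains and addresses are constructed for the example.

```python
"""Header and link checks for a suspected phishing email.

Added example for this post, not code from the original article or its author.
It automates the tips above: compare the displayed sender with the real
address, look for the lure subjects the post names, and compare the text of
each link (what a user sees) with its href (where it really goes). Both
messages are constructed samples using reserved example domains and addresses.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Subject lures named in the post (matched case-insensitively as substrings).
LURE_KEYWORDS = ("overdue invoice", "account discontinu", "undelivered package")

PHISH_EMAIL = """\
From: "billing@example-bank.com" <no-reply@mail-example-bank.co>
To: jsmith@example.org
Subject: Overdue invoice - action required
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your invoice is overdue. Review it here:</p>
<a href="http://203.0.113.99/login">https://portal.example-bank.com/invoice</a>
</body></html>
"""

CLEAN_EMAIL = """\
From: "IT Helpdesk" <helpdesk@example.org>
To: jsmith@example.org
Subject: Maintenance window on Saturday
Content-Type: text/html; charset="utf-8"

<html><body><p>Details: <a href="https://intranet.example.org/maint">intranet.example.org/maint</a></p></body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)


def host_of(url):
    """Hostname of a URL; bare 'host/path' text is treated as http://host/path."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()


def analyse_message(raw):
    """Return a list of (finding_kind, detail) tuples; an empty list means nothing flagged."""
    msg = message_from_string(raw)
    findings = []

    # 1. Sender: a display name that shows an address on a different domain.
    display, addr = parseaddr(msg.get("From", ""))
    real_domain = addr.rpartition("@")[2].lower()
    shown = re.search(r"[\w.+-]+@([\w.-]+)", display)
    if shown and shown.group(1).lower() != real_domain:
        findings.append(("sender_mismatch", f"shows {shown.group(1)}, really {real_domain}"))

    # 2. Subject: the lure themes named in the post.
    subject = msg.get("Subject", "").lower()
    for kw in LURE_KEYWORDS:
        if kw in subject:
            findings.append(("lure_subject", kw))

    # 3. Links: visible URL text pointing at a different host than the href.
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        if URL_LIKE.fullmatch(text) and host_of(text) != host_of(href):
            findings.append(("link_mismatch", f"text {host_of(text)} -> href {host_of(href)}"))
    return findings


if __name__ == "__main__":
    for name, raw in (("phish", PHISH_EMAIL), ("clean", CLEAN_EMAIL)):
        print(name, analyse_message(raw) or "no findings")
```

The phishing sample produces all three findings and the clean sample none. The link check only fires when the visible text itself looks like a URL; a link whose text is plain words ("click here") is not a mismatch by this rule, which is one reason the hover-before-clicking habit still matters for users.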
- Software Vulnerabilities: Software vulnerabilities are the third most common vector used by attackers to deploy ransomware. Unpatched software is like an unlocked door that welcomes hackers and lets them inject malware into the connected applications and network, from which they can exfiltrate data and cause maximum damage to the targeted systems.
Regular vulnerability and threat scans are the best way to discover and eliminate known and unknown vulnerabilities in applications and software.
Along with the three most common ransomware vectors, there are some other methods as well through which cybercriminals target victims. These methods include Drive-by Downloads, Malvertisements, Exploit Kits, Infected Mobile Applications, etc.
The article was originally published on Tata Advanced Systems Limited.