Ransomware can take hold in just a matter of hours
The time attackers take to go from initial intrusion to deploying ransomware has fallen sharply in recent years, by more than fivefold since 2021.
According to research from Secureworks, in 2021 the median time between an attack starting and ransomware being deployed was five and a half days. It dropped to four and a half days in 2022, and in recent months has fallen to under 24 hours. In around one in ten cases, ransomware is deployed within five hours of initial access.
Secureworks says this acceleration is not solely down to attackers getting quicker, as one might expect, but is partly a response to defenders detecting intrusions sooner. Rather than slowing attackers down, improvements in detecting cybercrime activity have pushed them to finish before they are found.
The company’s VP of Threat Intelligence, Don Smith, noted that detection improvements have forced a change in how attackers operate, with them now “focusing on simpler and quicker-to-implement operations, rather than big, multi-site enterprise-wide encryption events that are significantly more complex.”
Most ransomware attacks today begin with one of three initial-access techniques, Secureworks says.
First is so-called ‘scan and exploit’: attackers learn of a vulnerability in a widely deployed, internet-facing product and scan for every organisation still running the unpatched version. The hole is already there, so they get in more easily and know exactly how to do so.
Second is the use of stolen credentials: login details exposed in earlier data breaches and reused on remote-access or other services, giving the attacker a valid account and, from there, access to private data or entire systems. Because the password is correct, these logins produce none of the failed-attempt noise that brute-force guessing does.
Finally, attackers rely on phishing: fraudulent emails and websites that impersonate a reputable organisation to trick recipients into handing over passwords or other sensitive information.
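The two techniques that leave traces in ordinary server logs, scan-and-exploit and stolen-credential logins, can be picked up with simple correlation logic. The following Python is an added illustration, not code from Secureworks or from the report; all log lines are constructed for the example, the `/cgi-bin/legacy-upload` path and `example.test` hosts are hypothetical, and the thresholds are arbitrary starting points. It flags a source that touches many distinct hosts in a short window and then gets a 200 on an endpoint the defender has tagged as vulnerable, and it separates a successful login from a never-before-seen address with no preceding failures (a reused stolen password) from one preceded by a run of failures (guessing). Phishing is not covered, since it does not show up in these logs.

```python
"""Toy detection logic for 'scan and exploit' and stolen-credential logins.
Added illustration only; every log line below is constructed, not real."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed web-server log: "<iso-ts> <src-ip> <target-host> <path> <status>"
WEB_LOG = """\
2023-10-01T02:00:01 198.51.100.7 vpn.example.test / 200
2023-10-01T02:00:02 198.51.100.7 mail.example.test / 200
2023-10-01T02:00:03 198.51.100.7 www.example.test / 200
2023-10-01T02:00:04 198.51.100.7 hr.example.test / 404
2023-10-01T02:00:05 198.51.100.7 git.example.test / 200
2023-10-01T02:01:30 198.51.100.7 vpn.example.test /cgi-bin/legacy-upload 200
2023-10-01T09:15:00 203.0.113.5 www.example.test /index.html 200
2023-10-01T09:15:01 203.0.113.5 www.example.test /about.html 200""".splitlines()

# Constructed authentication log: "<iso-ts> <user> <src-ip> <SUCCESS|FAILURE>"
AUTH_LOG = """\
2023-09-20T08:00:00 alice 192.0.2.10 SUCCESS
2023-09-21T08:05:00 alice 192.0.2.10 SUCCESS
2023-09-22T08:02:00 bob 192.0.2.11 SUCCESS
2023-09-25T19:40:00 bob 192.0.2.11 FAILURE
2023-09-25T19:40:20 bob 192.0.2.11 SUCCESS
2023-10-01T03:10:00 alice 198.51.100.7 SUCCESS
2023-10-01T03:12:00 carol 198.51.100.9 FAILURE
2023-10-01T03:12:05 carol 198.51.100.9 FAILURE
2023-10-01T03:12:10 carol 198.51.100.9 FAILURE
2023-10-01T03:12:15 carol 198.51.100.9 SUCCESS""".splitlines()

# Hypothetical: paths the defender has tagged as belonging to a known-vulnerable,
# internet-exposed component. This is where asset inventory feeds detection.
EXPLOIT_PATHS = {"/cgi-bin/legacy-upload"}
SCAN_WINDOW = timedelta(minutes=10)   # arbitrary tuning values
SCAN_MIN_HOSTS = 4


def _ts(s):
    return datetime.fromisoformat(s)


def detect_scan_and_exploit(lines):
    """Map src_ip -> {'scanned': hosts, 'exploited': [(ts, host, path)]} for any
    source that hit SCAN_MIN_HOSTS distinct hosts within SCAN_WINDOW and then
    got a 200 on a tagged path at or after the scan started."""
    by_src = defaultdict(list)
    for line in lines:
        ts, src, host, path, status = line.split()
        by_src[src].append((_ts(ts), host, path, int(status)))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        for start_ts, _h, _p, _s in events:       # sliding window per source
            window = [e for e in events if start_ts <= e[0] <= start_ts + SCAN_WINDOW]
            hosts = {e[1] for e in window}
            if len(hosts) >= SCAN_MIN_HOSTS:
                exploited = [(e[0].isoformat(), e[1], e[2]) for e in events
                             if e[0] >= start_ts and e[3] == 200 and e[2] in EXPLOIT_PATHS]
                hits[src] = {"scanned": sorted(hosts), "exploited": exploited}
                break
    return hits


def detect_credential_reuse(lines, baseline_end):
    """Flag post-baseline successful logins from a (user, ip) pair that never
    succeeded during the baseline. Zero prior failures from that pair means the
    attacker already held a valid password; several means they guessed it."""
    events = sorted(tuple([_ts(p[0])] + p[1:]) for p in (l.split() for l in lines))
    cutoff = _ts(baseline_end)
    known = {(u, ip) for t, u, ip, r in events if t < cutoff and r == "SUCCESS"}
    failures = defaultdict(int)
    findings = []
    for t, u, ip, r in events:
        if t < cutoff:
            continue
        if r == "FAILURE":
            failures[(u, ip)] += 1
            continue
        if (u, ip) in known:
            continue
        kind = "credential_reuse" if failures[(u, ip)] == 0 else "password_guessing"
        findings.append({"ts": t.isoformat(), "user": u, "ip": ip,
                         "prior_failures": failures[(u, ip)], "kind": kind})
        known.add((u, ip))
    return findings


def correlate(web_lines, auth_lines, baseline_end):
    """Union of sources flagged by either detector, with the reasons, so an
    analyst sees one address that both scanned the perimeter and logged in."""
    reasons = defaultdict(set)
    for src, info in detect_scan_and_exploit(web_lines).items():
        reasons[src].add("exploit_after_scan" if info["exploited"] else "scan_only")
    for f in detect_credential_reuse(auth_lines, baseline_end):
        reasons[f["ip"]].add(f["kind"])
    return dict(reasons)


if __name__ == "__main__":
    for ip, why in correlate(WEB_LOG, AUTH_LOG, "2023-10-01T00:00:00").items():
        print(ip, sorted(why))
```

In the constructed data the same address scans five hosts, hits the tagged endpoint, and an hour later logs in as a user with no failed attempts, so it is reported for both behaviours, while the address that needed three failures before succeeding is reported as guessing. Given the sub-24-hour window the report describes, the point of correlating at this level is that the first alert has to be actionable the same day it fires.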
Concluding its annual State of the Threat Report, Secureworks noted that the old advice still holds even as the threats change: “Identify your assets and their location on your network, stay up to date with what is happening in the threat landscape, understand your risk profile, and use it to prioritize your control framework and your approach to vulnerability management.”