TASL

Digging Out the Most Common Ransomware Vectors in 2020

“How” is probably the first thing that comes to our mind when we witness our systems getting infected with ransomware. Cybercriminals make use of a variety of techniques to inject malicious code into targeted systems and encrypt/exfiltrate sensitive data. Watch out the most common ransomware vectors utilized by hackers in 2020 so far.
 
Remote Desktop Protocol (RDP) Compromise: RDP is a network communication protocol designed by Microsoft that allows users to remotely access the other computers. It has now become a very popular means of infecting networks and deploying ransomware. Nearly 60% of all ransomware attacks are a result of poorly secured RDP access points/ports. SamSam, GandCrab, CryptON and CrySIS are some examples of ransomware variants that spread via RDP. The security of the RDP is majorly impacted due to the poor password practice among users, making it easy for attackers to intrude and harvest credentials. Hackers utilise credential stuffing and brute-force attacks to crack the login credentials and gain access to the target machine. But now, attackers can also purchase RDP credentials for a very low cost on the dark web. Post getting the credentials, an attacker can easily circumvent existing security controls and start causing damage, including deleting/encrypting data backups, deploying ransomware, leaving a backdoor for future attacks, etc.
 
Some best practices to boost the security of the RDP include:
    • Use strong password
    • Change the default RDP port from 3389 to any other
    • Implement two-factor authentication
    • Conduct regular vulnerability scans
    • Maintaining logs and monitoring RDP
 
Phishing Emails: Transmitting emails containing malicious URLs and attachments has been the most preferred attack vector of ransomware operators for years. So far, in 2020, threat actors have remained successful in tempting victims to click on a malicious link redirecting to an infected website or download a malicious attachment after which ransomware automatically begins downloading. Attackers have improvised email subjects to catch the victims’ attention and make them believe that the mail is genuine. For instance, some common strains of ransomware have found using email subjects like overdue invoices, account discontinuation, and undelivered packages. In addition to email subjects, some ransomware operators have also noticed using geography-specific language in their emails to target the victims.
 
Glance through some preventive tips that may help you avoid falling victim to phishing:
    • Conduct a security awareness program to educate employees about evolving cyber threats and attack vectors
    • Follow good cyber hygiene
    • Open attachments from trusted users
    • Hover over the embedded link before clicking
    • Check sender’s email address first, if found anything suspicious
 
Software Vulnerabilities: Software vulnerabilities are the third most common vector used by attackers to deploy ransomware. Unpatched software is similar to a door without security that welcomes hackers and allows them to inject malware into the connected applications and network. They can easily exfiltrate data and cause maximum damage to the targeted systems. Regular vulnerability and threat scans are the best methods to discover and eliminate the known and unknown vulnerabilities in the applications/software.
 
Along with these three most common ransomware vectors, there are some other methods as well through which cybercriminals target victims. These methods include Drive-by Downloads, Malvertisements, Exploit Kits, Infected Mobile Applications, etc. Threat actors are making huge benefits by targeting industries across all verticals while implementing these above-mentioned methods. So, to minimise the risk of infection and safeguard your organization from growing ransomware attacks, it is essential to understand how ransomware commonly propagates. This will also help you identify the best security controls that can be placed to prevent ransomware attacks.
 
For comprehensive information about ransomware protection, connect with us at contactcs@tataadvancedsystems.com