Stepping into 2024 feels like opening the latest best-selling mystery novel – you know there's adventure ahead, but the plot is still up in the air.
In the twist-riddled world of cybersecurity, we can't help but ask, What's next on the digital horizon? Sure, every business would like 2024 to be “less surprising” in terms of cyber threats, but let’s be honest, that’s not going to happen.
Even though we’re surely in for more than a few surprises in the coming year, there are ways we can be better prepared. So sit back and relax as we venture through some insights we’ve gained in 2023 and offer ways you can put them into practice in the coming year.
Prediction 1: Ransomware actors burning through zero-days
RDP (remote desktop protocol) has long been the initial entry vector of choice for ransomware groups, closely followed by the less-so sophisticated email. However the MOVEit and SysAid campaigns show change is brewing.
Rapid7 has observed an increasing number of zero-day vulnerabilities being exploited by ransomware groups, and it’s unlikely this trend will abate. Forget the mindset that ransomware actors just go after “the low hanging fruit”; they are now exploiting zero-day vulnerabilities at mass scale.
This trend is seeing criminal groups that to date have not demonstrated any real capable skills in gaining access to previously unidentified vulnerabilities, exploit them and gain a foothold into victim networks. This demonstrates that potentially something is afoot in the ransomware ecosystem. For organizations, the message is simple: get your vulnerability management and patching procedures in place and do it now. Being proactive when it co ..
Support the originator by clicking the read the rest link below.
