Ransomware Surge & Living-Off-the-Land Tactics Remain Big Threats
Group-IB's and Rapid7's separate analyses of attack activity in recent months show threat actors are making life harder for enterprise organizations in a variety of ways.

Data from two new vendor reports summarizing threat activity over the past few months shows that ransomware and living-off-the-land attacks continue to top the list of threats facing enterprise organizations.


One of the reports, from Singapore-based Group-IB, is based on an analysis of data gathered by the vendor's computer emergency response team.


It shows that more than half (54%) of all malicious emails in the first six months of 2019 contained ransomware — a sharp increase from just 14% during the same period last year. Ransomware activity topped all other threats between January and the end of June this year.


Meanwhile, a report from Rapid7, based on an analysis of threat activity in the third quarter of 2019, shows attackers are continuing to heavily use legitimate tools and services, such as PowerShell, to build on and continue malicious campaigns. The security vendor's analysis shows that phishing continues to be the top reason for organizations getting breached, but most breach detections don't happen until the malware execution stage. Here are five takeaways from the vendor reports.


Ransomware Reemerges as a Major Threat

Ransomware reemerged as a major threat after seemingly being on the way out most of last year. In the first half of 2018, just 14% of the attacks that Group-IB tracked were ransomware-related, a sharp drop-off from the 40% recorded in 2017. Numerous vendor reports over the past year also have reported a steady decline in overall ransomware volumes and an increasing attacker focus on low-volume targeted attacks on enterprises. Group-IB's data for the first half of 2019 suggests that overall ransomware volumes have begun rebounding once again.


Alexander Kalinin, head of Group-IB's CERT, ..
