Companies invest more in ransomware protection
The SANS Institute, the world’s leading provider of cybersecurity training and certification, presents the results of its Ransomware Defense Report 2022. The last two years have been under the impression of massive ransomware attacks. At the same time, detection and response technologies have evolved in cybersecurity. Many companies are successfully focusing on preventing ransomware and malware attacks to better detect attackers. Many companies are currently relying on solutions and platforms that enable a holistic view of the IT systems.
The main results indicate the following trends:
- From the point of view of the attackers:
- Attackers are getting better at gaining greater knowledge about the operating systems and IT systems of the target companies.
- They become faster at exploiting the “weaponization” of identified vulnerabilities and errors.
- They are using more and more fileless or malware-free attacks.
- From the point of view of the defenders:
- Further use of enhanced automation.
- You will get better at fending off “Remote Access Abuse” and “Fileless Malware”.
- Important approaches for detecting ransomware are encrypted traffic analysis (ETA), moving target defense (MTD) and AI event aggregation, correlation and intrusion prevention.
Study author and SANS instructor Matt Bromiley explains: “Unfortunately, the years 2020 and 2021 have laid the foundation for ransomware groups to make a big deal out of the suffering of their victims. Although ransomware is not a new cyber threat, attackers will continue to modify their TTPs to maximize their chances of success and evade detection. This is both a challenge and an opportunity for IT security teams, even if it can shift the priorities for their detection and prevention measures.”