Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Most ransomware attacks take place outside the working hours

Most of the ransomware attacks targeting the enterprises occur outside working hours, during the nighttime or during the weekend. Security experts from FireEye published an interesting report on the Ransomware deployment trends, it revealed that most of the attacks (76%) against the enterprise sector occur outside working hours. FireEye compiled the report using data from […]

Most ransomware attacks take place outside the working hours

Most of the ransomware attacks targeting the enterprises occur outside working hours, during the nighttime or during the weekend.

Security experts from FireEye published an interesting report on the Ransomware deployment trends, it revealed that most of the attacks (76%) against the enterprise sector occur outside working hours.

FireEye compiled the report using data from dozens of ransomware infections that it has investigated from 2017 to 2019.

49% of the ransomware deployments take place during nighttime over the weekdays, and 27% taking place over the weekend.

The timing of the ransomware attacks is not casual, attackers attempt to deploy the malware when the presence of the IT staff is reduced and the likelihood to be detected is low. Outside working hours the victims spend more time reacting to the intrusion.

The ransomware deployments are usually the result of a prolonged network compromise and intrusion, in many cases after the threat actors gain access to the network attempt lateral movements to infect the largest number of systems as possible.

The cybersecurity firm says that ransomware gangs breach a company’s network, spend their time moving laterally to as many workstations as possible.

“The majority of these incidents appeared to be post-compromise infections, and we believe that threat actors are accelerating use of tactics including post compromise deployment to increase the likelihood of ransom payment.” reads the report published by FireEye. “We also observed incidents in which ransomware was executed immediately, for example GANDCRAB and GLOBEIMPOSTER incidents, but most of the intrusions examined were longer duration and more complex post-compromise deployments.”

The report also reveals that the ‘dwell time,’ (the time between the first evidence of malicious activity compromise and the actual ransomware attack) is on average three days.

If initial infections are quickly detected and contained, the cost associated with the infection could be avoided.

Experts also analyzed initial infection vectors across multiple ransomware incidents, including RDP, phishing attacks, and drive-by-download of malware. The experts noticed that RDP attacks were more frequent in 2017, but declined in 2018 and 2019.

“Ransomware is disruptive and costly. Threat actor innovations have only increased the potential damage of ransomware infections in recent years, and this trend shows no sign of slowing down. We expect that financially motivated actors will continue to evolve their tactics to maximize profit generated from ransomware infections.” concludes the report. “We anticipate that post-compromise ransomware infections will continue to rise and that attackers will increasingly couple ransomware deployment with other tactics, such as data theft and extortion, increasing ransom demands, and targeting critical systems.”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – ransomware attacks, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]