(844) 627-8267
(844) 627-8267

Remote-access tools the intrusion point to blame for most ransomware attacks | #ransomware | #cybercrime

Organisations using self-managed VPNs by Cisco and Citrix were 11 times more likely to experience a direct attack in 2023


Remote-access tools were the primary intrusion point for ransomware attacks, accounting for three fifths of attacks last year, according to cyber security insurance firm At-Bay.

Attackers primarily targeted perimeter-access tools in 2023, but shifted their focus from remote desktop protocol to targeting self-managed VPNs. These on-premise VPNs were linked to ransomware attacks where remote access was the initial entry vector, according to At-Bay.

“Attackers go after the same things. If you have a city that has walls around it, you’re going to go after the gate because the gate is a weaker point than the actual wall,” Rotem Iram, At-Bay founder and CEO, said last week at an Axios event on the sidelines of the RSA Conference in San Francisco.



Network devices are common targets for financially-motivated and nation state attackers. Vulnerabilities in devices sold by Barracuda, Cisco, Citrix, Fortinet, Ivanti, Palo Alto Networks and others were widely exploited during the last year.

Ivanti zero-day exploits were linked to intrusions at Mitre Corp. and the Cybersecurity and Infrastructure Security Agency. Boeing and Comcast were both impacted by attacks linked to exploits of the Citrix vulnerability, dubbed CitrixBleed.

Self-managed VPNs, especially the most popular among enterprises, were more troublesome with respect to ransomware attacks than cloud-managed VPNs or no VPN at all, according to At-Bay research.

“Organisations using self-managed VPNs by Cisco and Citrix were 11 times more likely to fall victim to a direct attack in 2023,” the report found. Self-managed Fortinet VPNs were five times more likely to be linked to a ransomware attack than cloud VPNs.

“Today, technology is basically use-at-your-own risk,” Iram said last week while previewing the research during the RSA Conference.

“Security is infinitely complex,” he said, “but at the end of the day, most of the attacks are very predictable.”

Attackers are targeting everyone in the remote-access business and they don’t always need to break in with exploits, Iram said. “They also walk in through the front door with credentials they stole.”

At-Bay’s report is based on claims information it received from customers and claims data analysed by the insurer’s researchers. The company is currently fielding about 200 claims a month, according to Iram.

“We’re never going to be able to get this risk to completely go away, but I think we need to bring it back to a level where an organisation doesn’t need to think twice about adopting technology,” Iram said. “To me, that’s the risk. If technology starts to add more risk than value, then it’s going to be detrimental.”

News Wires

Read More:

Source link


National Cyber Security