card

Web browsing is the primary entry vector for ransomware infections

18.08.2023
359

In the ever-evolving world of cyber threats, ransomware continues to be a formidable adversary, and its delivery methods are constantly evolving. Recent research by Palo Alto Networks has revealed a striking shift in the primary entry vector for ransomware infections, with web browsing taking centre stage as the most prevalent means of attack in 2022, accounting for a staggering 75.5% of all incidents.

The findings present a stark departure from the previous year, where ransomware was primarily delivered through email attachments, constituting 12% of attempts in 2022. This shift emphasises the adaptability and resourcefulness of cyber criminals, who constantly seek new avenues to exploit unsuspecting victims.

One of the most alarming revelations from the study was that ransomware binaries are frequently deployed from compromised websites. This serves as a stern reminder to site administrators about the pressing need to maintain up-to-date web applications running on a reliable VPN service, as attackers often exploit known vulnerabilities to inflict maximum damage.

Palo Alto Networks' extensive investigation involved tracking and analysing thousands of URLs and hostnames hosting ransomware. Unearthing the cunning tactics employed by ransomware gangs, the researchers discovered a plethora of tricks to evade detection and thwart takedown efforts.

One of the tactics employed is the art of deception, where attackers rotate different URLs and hostnames to deliver the same ransomware. Conversely, they also utilise the same URL to deliver various ransomware variants or even different types of malware, such as wipers, stealers, or loaders. This sophisticated approach challenges traditional security measures and makes it increasingly difficult to block malicious URLs effectively.

The data also unveiled a concerning trend where ransomware gangs capitalise on popular public hosting, social media, and media-sharing services to propagate their nefarious payloads. Furthermore, they hijack long-lived benign domains, previously considered trustworthy, to disseminate ransomware. This ingenious strategy exploits the good reputation of these services, allowing the URLs to escape the notice of many existing URL-blocking systems.

Perhaps most alarming is the discovery that third-party apps have emerged as a significant entry vector for ransomware infections, accounting for 8.2% of recorded cases in 2022. This highlights the need for heightened vigilance across all digital platforms and the need to hide expert VPN services to safeguard against these insidious attacks.

As the cyber threat landscape continues to evolve, individuals, organisations, and cybersecurity experts need to remain vigilant and adaptable. With ransomware attacks becoming increasingly sophisticated, the key to staying ahead lies in robust security measures, timely updates, and ongoing education to outsmart the ever-resourceful ransomware gangs. Only through collective efforts and a steadfast commitment to cybersecurity can we hope to turn the tide against this relentless digital menace.