Microsoft recently disclosed that they are monitoring over 100 different threat actors utilizing 50 unique ransomware families to attack businesses and organizations across the world. These attacks have been increasing in frequency, severity, and sophistication. The threat actors behind them are using a range of techniques to gain access to their targets, including exploiting unpatched software vulnerabilities, phishing attacks, and brute-force attacks against remote desktop protocol (RDP) endpoints.
In response to this growing threat, Microsoft suggests that defensive strategies should concentrate less on the payload and more on the sequence of events that leads to the ransomware’s deployment. Although an overwhelming number of ransomware families are active at any given time, most threat actors rely on the same handful of tactics to carry out their attacks, and those tactics extend well beyond phishing. Threat actors target servers and devices that have not yet been patched against common or recently disclosed vulnerabilities, which is why swiftly patching vulnerabilities is crucial in preventing ransomware attacks.
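One concrete way to act on the "watch the sequence of events, not the payload" advice is to look for the precursor activity the story names, such as brute-force attempts against RDP endpoints, in authentication logs. The following is an added illustration written for this post, not code from Microsoft or Bleeping Computer. It assumes Windows Security events have already been flattened into one line each (the format, the threshold of five failures per minute and the sample lines are all constructed for the example); the event IDs and logon type are the standard ones (4625 failed logon, 4624 successful logon, LogonType 10 for RemoteInteractive/RDP).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, not real telemetry: one flattened line per Windows
# Security event. 4625 = failed logon, 4624 = successful logon; LogonType 10 is
# RemoteInteractive (RDP). Source IPs are taken from documentation ranges.
SAMPLE_LOG = """\
2023-01-20T10:00:01 EventID=4625 LogonType=10 Account=administrator SourceIP=203.0.113.7
2023-01-20T10:00:03 EventID=4625 LogonType=10 Account=admin SourceIP=203.0.113.7
2023-01-20T10:00:04 EventID=4625 LogonType=10 Account=backup SourceIP=203.0.113.7
2023-01-20T10:00:06 EventID=4625 LogonType=10 Account=sql SourceIP=203.0.113.7
2023-01-20T10:00:09 EventID=4625 LogonType=10 Account=administrator SourceIP=203.0.113.7
2023-01-20T10:00:11 EventID=4625 LogonType=10 Account=test SourceIP=203.0.113.7
2023-01-20T10:02:00 EventID=4625 LogonType=10 Account=jsmith SourceIP=198.51.100.5
2023-01-20T10:45:00 EventID=4625 LogonType=10 Account=jsmith SourceIP=198.51.100.5
2023-01-20T10:45:10 EventID=4624 LogonType=10 Account=jsmith SourceIP=198.51.100.5
2023-01-20T11:00:00 EventID=4625 LogonType=3 Account=svc SourceIP=192.0.2.9
2023-01-20T12:00:00 EventID=4625 LogonType=10 Account=administrator SourceIP=192.0.2.200
2023-01-20T12:00:02 EventID=4625 LogonType=10 Account=administrator SourceIP=192.0.2.200
2023-01-20T12:00:04 EventID=4625 LogonType=10 Account=administrator SourceIP=192.0.2.200
2023-01-20T12:00:05 EventID=4625 LogonType=10 Account=administrator SourceIP=192.0.2.200
2023-01-20T12:00:07 EventID=4625 LogonType=10 Account=administrator SourceIP=192.0.2.200
2023-01-20T12:00:09 EventID=4624 LogonType=10 Account=administrator SourceIP=192.0.2.200
"""

# Assumed flattened line layout; a real pipeline would read the XML/EVTX fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"Account=(?P<acct>\S+) SourceIP=(?P<ip>\S+)$"
)


def parse_events(log_text):
    """Parse flattened event lines into dicts, oldest first; unmatched lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "eid": int(m["eid"]),
            "logon_type": int(m["lt"]),
            "account": m["acct"],
            "ip": m["ip"],
        })
    return sorted(events, key=lambda e: e["ts"])


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: finding} for source IPs with at least `threshold` failed RDP
    logons inside any sliding window of length `window`.

    Each finding lists the accounts tried, the total failures, and whether the
    same IP later achieved a successful RDP logon: a failed burst followed by a
    success is the sequence that should be escalated rather than the burst alone.
    """
    failures = defaultdict(list)
    successes = defaultdict(list)
    for e in events:
        if e["logon_type"] != 10:          # only RemoteInteractive (RDP) logons
            continue
        if e["eid"] == 4625:
            failures[e["ip"]].append(e)
        elif e["eid"] == 4624:
            successes[e["ip"]].append(e["ts"])

    findings = {}
    for ip, evs in failures.items():
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans at most `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = evs[end]["ts"]
                findings[ip] = {
                    "accounts": sorted({e["account"] for e in evs}),
                    "failed_attempts": len(evs),
                    "success_after_burst": any(t > burst_end for t in successes[ip]),
                }
                break                      # one finding per IP is enough here
    return findings


if __name__ == "__main__":
    for ip, finding in detect_rdp_bruteforce(parse_events(SAMPLE_LOG)).items():
        print(ip, finding)
```

Run against the constructed log, the detector reports two source addresses: one that sprayed several account names and never got in, and one that failed five times and then logged in successfully, which is the higher-priority case. The user who mistyped a password twice over forty minutes and the single non-RDP failure are not reported, which is the point of thresholding on a short window rather than alerting on every 4625.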
Recently, Microsoft advised administrators to deploy the most recent Cumulative Update (CU) to secure on-premises Exchange servers and instructed them to remain prepared to install emergency security updates. More than 60K internet-exposed Exchange servers remain susceptible to attacks that take advantage of ProxyNotShell RCE exploits, while thousands of others still need protection from attacks targeting the ProxyShell and ProxyLogon vulnerabilities, which were two of 2021’s most frequently exploited security flaws.
It is important to note that although the number of attacks has remained steady, ransomware gangs’ income dropped by around 40% in 2022, as victims refused to pay ransom demands. While this is good news, businesses must remain vigilant and take steps to protect themselves against ransomware attacks. This includes regularly updating software, implementing strong passwords and multi-factor authentication, regularly backing up data and testing those backups, and staying aware of newly disclosed security vulnerabilities.
You can read more about this story at Bleeping Computer.