A recent threat report reveals a significant shift in cybercriminal tactics, indicating a noteworthy decline in the time it takes for them to deploy ransomware after initially infiltrating their targets.
Last year's average of 4.5 days has plummeted, with cybercriminals now striking within the first 24 hours of gaining access, according to findings by cybersecurity firm Secureworks.
This alarming trend underscores the company's warning that 2023 may witness an unprecedented surge in ransomware attacks, with three times as many victims appearing on leak sites in May compared to the same period last year.
However, Secureworks highlights a caveat regarding leak sites as a metric for gauging the scale of the ransomware issue. Notably, the report emphasizes that leak sites may only represent around 10% of the total victims known to law enforcement.
Consequently, it urges caution when interpreting leak site data. Despite this, the aggregate data undeniably underscores the enduring appeal of ransomware and data extortion as lucrative criminal enterprises, posing a substantial threat to businesses.
Secureworks further reveals a disturbing statistic: in over 50% of its incident response cases, hackers managed to unleash their malware within a mere 24 hours of infiltrating the victim's network.
This marks a stark drop from the 4.5-day average observed last year. In 10% of cases, ransomware was deployed within a staggeringly short five-hour window from initial access.
Don Smith, VP Threat Intelligence at Secureworks Counter Threat Unit, sheds light on the driving force behind this reduction in dwell time. He posits that cybercriminals are motivated by a desire to minimize the chances of detection, as the cybersecurity industry has become more proficient at identifying precursors to ransomware attacks.
Consequently, threat actors are shifting focus towards simpler and faster operations, forsaking larger-scale, complex encryption events that span multiple enterprise sites. However, the risk posed by these expedited attacks remains significant.
Smith adds a cautionary note, emphasizing that despite the prevalence of familiar threat actors, the emergence of new and highly active threat groups is contributing to a notable surge in both victims and data breaches.
Even in the face of high-profile crackdowns and sanctions, cybercriminals exhibit a remarkable capacity for adaptation, ensuring that the threat continues to escalate at an alarming pace.