Ransomware attacks commonly exploit remote access tools as their points of entry
In a revealing report published in 2024, insurance provider At-Bay has shed light on the escalating threat of ransomware attacks, particularly the exploitation of remote access tools to infiltrate businesses.
According to the report, remote access tools accounted for approximately 8 out of 10 ransomware attack entry points in 2024, highlighting their significant role in facilitating these disruptive incidents. The findings are based on At-Bay's insurance claims data from 2021 through the end of 2024.
The report also underscores the rise in indirect ransomware, where attacks originate from third-party vendors or business partners. In 2024, indirect ransomware claims showed a 43% increase, as highlighted by At-Bay.
The focus on midmarket companies, with annual revenue in the $25 million to $100 million range, is a notable aspect of the report. These businesses have seen sharp increases in direct ransomware claims, with the frequency of such claims returning to record levels seen in 2021 after a decreased rate of attacks in 2022 and 2023.
Adam Tyra, CISO for customers at At-Bay, stated via email that the report offers a unique perspective on ransomware attacks by using insurance claims data as a source. The report cites notable breaches such as the 2023 MOVEit breaches and the 2024 CDK attacks.
The report's findings about midmarket companies could be particularly useful for businesses in this revenue range in understanding and preparing for potential ransomware attacks. It suggests a growing recognition and concern for the growing impact of ransomware attacks on these businesses.
While the report does not specifically list the most commonly exploited security tools in ransomware attacks, it underscores the importance of secure remote access tools. Other vulnerabilities exploited in ransomware attacks often involve software and systems, such as those in SysAid products and other IT management tools.
In conclusion, the At-Bay report serves as a stark reminder of the ongoing threat of ransomware attacks and the importance of robust cybersecurity measures, particularly in securing remote access tools and being vigilant against attacks from third-party vendors or business partners.
[1] Remote access tools provide a front door to a company's network and can usually be seen from the public internet, making them attractive targets for attackers. [2] For general insights into vulnerabilities exploited in ransomware attacks, it's common for attackers to target vulnerabilities in software and systems, such as those in SysAid products and other IT management tools. These vulnerabilities can be exploited to gain unauthorized access, which is often a precursor to ransomware attacks.
- The At-Bay report reveals that remote access tools, often visible on the public internet, were the entry point for around 8 out of 10 ransomware attacks in 2024, emphasizing their significance as targets for attackers.
- In addition to remote access tools, the report suggests that vulnerabilities in software and systems like SysAid products and other IT management tools are common targets for ransomware attacks, providing an unauthorized access route that may lead to such attacks.
- Cybersecurity concerns, particularly in the realm of ransomware, have expanded to encompass not only a company's own systems but also those of third-party vendors or business partners, as highlighted by the increasing rate of indirect ransomware attacks mentioned in the At-Bay report.
