Just when cybersecurity professionals were beginning to gain confidence in mitigation plans that involve automation, educating users about social engineering scams, and building adaptive security mechanisms, cybercriminals have delivered the unexpected: the rise of ransomware using “unknown” attack vectors.
This finding, from Coveware's April 17th Ransomware Report, once again leaves security teams scratching their heads: these bad actors are becoming more sophisticated, malicious and creative.
The steadily growing category of “unknown” presents a significant challenge: how do you defend against threats you don’t even understand? If you can’t pinpoint exactly how attackers get in, how can you combat them with effective countermeasures? Security teams must peel back the layers of this “unknown” attack vector so that defenses can adapt and respond appropriately.
Why Known Attack Vectors Are Decreasing
Phishing has historically been one of the most common attack vectors for spreading ransomware. However, recent advances in email filtering, user education, and increased regulation have made organizations and users wiser. Remote access protocols such as RDP have been a favorite vector for attackers, especially with the rise of flexible work arrangements. Over the years, organizations have made these attacks harder by implementing multi-factor authentication (MFA), strict access controls, and regular audits.
Discovering previously unknown or zero-day vulnerabilities is not easy, and the number of malicious actors capable of exploiting them, while growing, remains limited. However, even though these measures are reducing the traditional attack vectors, organizations cannot let their guard down.
Attackers are getting more sophisticated, so take the statistics with a pinch of salt
The decline in typical attack vectors doesn't necessarily mean a decisive victory for security teams. Ransomware remains one of the most common attack types, with 59% of organizations reporting an attack last year. Attackers keep finding new ways to exploit vulnerabilities, but they only have a limited number of ways to penetrate an organization. When we analyze deeper, we find that many of these "unknowns" are just old wine in new bottles: familiar threats wrapped in a different package.
For example, phishing attacks are often not reported by employees, leaving organizations unable to identify where malware on devices originally came from. This lack of reporting can lull organizations into a false sense of security. Some attacks are multi-stage exploits, with cybercriminals using a combination of different techniques and tactics, blurring the lines between different attack vectors and making it difficult to pinpoint the initial point of intrusion.
For example, many RDP compromises result from stolen credentials obtained via phishing or purchased on the dark web. Once inside, attackers exploit vulnerabilities in unpatched software to escalate privileges and move laterally within the network. Thus, "unknown" attack vectors often turn out to be combinations of phishing, remote access abuse, unpatched software, and other weaknesses. Because such a chain cannot be neatly categorized as a single vector, it ends up swelling the "unknown" category.
How to improve your defenses against unknown threats
Known attack vectors, such as phishing, remain a primary entry point for adversaries, but their origins are becoming increasingly difficult to identify. Organizations must remain more vigilant than ever and focus on a defense-in-depth approach to cybersecurity that holistically addresses known threat vectors. As they do so, they will naturally find that mysterious, unknown vectors also decline.
Organizations must leverage a combination of user education and technology to combat the ever-present threat of phishing attacks. Ongoing education and training on phishing and social engineering tactics can help users identify suspicious emails, messages, websites, and spoofed voice calls (vishing), while advanced email filtering powered by AI/ML can enhance security by automatically detecting and blocking malicious messages.
Organizations should foster a culture of open communication so that employees are empowered to promptly report phishing attacks without fear of retaliation, allowing security teams to act quickly and preventing other employees from falling into a similar trap.
Organizations can improve remote access security with phishing-resistant MFA and by restricting access to authorized personnel only. Conducting regular audits of your RDP configuration is equally important. In terms of response capabilities, monitoring access logs for anomalous activity can help detect attacks at an early stage and allow for quick intervention.
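To make the log-monitoring point concrete, here is an added example (written for this edit, not code from KnowBe4, Coveware, or the article) that scans Windows-style logon events for the stolen-credential RDP pattern described earlier: a burst of failures from one address, a success from that same address right afterwards, and a success from a source the account has never used. Event IDs 4624/4625 and LogonType 10 (RemoteInteractive) are the real Windows values; the one-event-per-line "timestamp Key=Value" format, the sample events, and the per-user BASELINE of usual source addresses are constructed assumptions.

```python
"""Flag anomalous RDP logons in constructed Windows Security log events.

Assumptions (not from the article): events arrive one per line in a simple
"timestamp Key=Value ..." form such as a log exporter might emit, and the
per-user set of usual source IPs (BASELINE) was learned from earlier history.
Event IDs 4624/4625 and LogonType 10 (RemoteInteractive, i.e. RDP) are the
real Windows values.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGON_SUCCESS = 4624
LOGON_FAILURE = 4625
RDP_LOGON_TYPE = 10  # RemoteInteractive

# Constructed sample: a brute-force burst from an external IP that eventually
# succeeds, a normal office logon, a non-RDP service logon, and a service
# account used interactively from an address never seen before.
SAMPLE_LOG = """\
2024-04-17T02:01:05 EventID=4625 User=jdoe SourceIP=203.0.113.7 LogonType=10
2024-04-17T02:01:09 EventID=4625 User=jdoe SourceIP=203.0.113.7 LogonType=10
2024-04-17T02:01:14 EventID=4625 User=jdoe SourceIP=203.0.113.7 LogonType=10
2024-04-17T02:01:20 EventID=4625 User=jdoe SourceIP=203.0.113.7 LogonType=10
2024-04-17T02:01:27 EventID=4625 User=jdoe SourceIP=203.0.113.7 LogonType=10
2024-04-17T02:01:33 EventID=4624 User=jdoe SourceIP=203.0.113.7 LogonType=10
2024-04-17T09:15:00 EventID=4624 User=jdoe SourceIP=10.0.0.15 LogonType=10
2024-04-17T09:20:00 EventID=4624 User=svc_backup SourceIP=10.0.0.20 LogonType=3
2024-04-17T11:02:00 EventID=4624 User=svc_backup SourceIP=198.51.100.9 LogonType=10
"""

# Hypothetical baseline of where each account normally connects from.
BASELINE = {"jdoe": {"10.0.0.15"}, "svc_backup": {"10.0.0.20"}}


def parse_event(line):
    """Turn one 'timestamp Key=Value ...' line into a dict of typed fields."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return {
        "time": datetime.fromisoformat(ts),
        "event_id": int(kv["EventID"]),
        "user": kv["User"],
        "ip": kv["SourceIP"],
        "logon_type": int(kv["LogonType"]),
    }


def detect_rdp_anomalies(lines, baseline, fail_threshold=5, window=timedelta(minutes=5)):
    """Return alerts for RDP logons that look like credential abuse.

    brute_force            -> fail_threshold or more failures for one (user, ip) inside window
    success_after_failures -> a success from a (user, ip) that failed inside window
    new_source             -> a success from an IP not in the user's baseline
    """
    events = sorted((parse_event(l) for l in lines if l.strip()), key=lambda e: e["time"])
    recent_failures = defaultdict(deque)  # (user, ip) -> failure timestamps still in window
    already_flagged = set()
    alerts = []

    def alert(kind, ev, detail):
        alerts.append({"kind": kind, "time": ev["time"].isoformat(),
                       "user": ev["user"], "ip": ev["ip"], "detail": detail})

    for ev in events:
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue  # only RemoteInteractive (RDP) logons are in scope here
        key = (ev["user"], ev["ip"])
        failures = recent_failures[key]
        while failures and ev["time"] - failures[0] > window:
            failures.popleft()  # slide the window forward
        if ev["event_id"] == LOGON_FAILURE:
            failures.append(ev["time"])
            if len(failures) >= fail_threshold and key not in already_flagged:
                already_flagged.add(key)  # one brute-force alert per (user, ip)
                alert("brute_force", ev, f"{len(failures)} failures within {window}")
        elif ev["event_id"] == LOGON_SUCCESS:
            if failures:
                alert("success_after_failures", ev, f"{len(failures)} recent failures")
            if ev["ip"] not in baseline.get(ev["user"], set()):
                alert("new_source", ev, "source IP not in baseline")
    return alerts


if __name__ == "__main__":
    for a in detect_rdp_anomalies(SAMPLE_LOG.splitlines(), BASELINE):
        print(f"{a['time']} {a['kind']:24} {a['user']}@{a['ip']}  {a['detail']}")
```

On the sample, the 02:01 burst raises a brute_force alert on the fifth failure, the success six seconds later raises both success_after_failures and new_source, and the service account's interactive logon from 198.51.100.9 raises new_source; the office logon and the non-RDP service logon are silent. The threshold and window are starting points to tune per environment, and the baseline should be built from real history (ideally months of 4624 events) rather than typed in by hand.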
Automated patch management systems go a long way in keeping software up to date and closing the window in which known vulnerabilities can be exploited. Attack Surface Management (ASM) tools that integrate with threat intelligence feeds continuously monitor and map the attack surface and identify vulnerabilities. They also prioritize risks based on likelihood and potential impact, and facilitate risk validation through focused penetration testing and red team exercises. These proactive exercises simulate real-world attack scenarios to test the effectiveness of defense and response strategies before an actual exploit occurs.
By strengthening defenses against known threats, organizations can also mitigate many unknown threats and build a more resilient security posture. In the coming years, vigilance and proactive measures such as security awareness training and real-world attack simulations will help teams manage ransomware that arrives through unknown vectors.
Stu Sjouwerman, Founder and CEO of KnowBe4