The average amount of time to complete a ransomware attack has fallen from two months to less than four days as cyber attackers continue to innovate to circumvent improved defences, according to a new report from IBM Security.
The company's annual X-Force Threat Intelligence Index found that ransomware attacks as a proportion of incidents fell slightly to 4% last year, and that defenders had become more successful in detecting and preventing attacks.
The deployment of backdoors, which allow remote access to systems, emerged as the top action by attackers last year. About two-thirds of those backdoor cases (67%) were related to ransomware attempts in which defenders were able to detect the backdoor before ransomware was deployed.
The uptick in backdoor deployments can be attributed to their high market value. X-Force observed threat actors selling existing backdoor access for as much as $10,000, compared to stolen credit card data, which can sell for less than $10 today.
“The shift towards detection and response has allowed defenders to disrupt adversaries earlier in the attack chain - tempering ransomware’s progression in the short term,” said Charles Henderson, head of IBM Security X-Force.
“But it’s only a matter of time before today’s backdoor problem becomes tomorrow’s ransomware crisis. Attackers always find new ways to evade detection. Good defence is no longer enough. To break free from the never-ending rat race with attackers, businesses must drive a proactive, threat-driven security strategy.”
The report also found that extortion, primarily achieved through ransomware or business email compromise attacks, was the favoured method of threat actors.
Europe was the most targeted region for this method (44%) as attackers sought to exploit geopolitical tensions, although Asia was the most targeted region overall, accounting for nearly a third of all attacks.

Thread hijacking, whereby attackers used compromised email accounts to reply within ongoing conversations posing as the original participant, doubled last year, and was used to deploy malicious software such as Emotet, Qakbot and IcedID.
Meanwhile, the proportion of known exploits relative to vulnerabilities fell 10 percentage points between 2018 and 2022 due to surging vulnerabilities. Cybercriminals have access to more than 78,000 known exploits, making it easier to exploit older, unpatched vulnerabilities.
The findings indicate that legacy exploits enabled older malware infections such as WannaCry and Conficker to continue to exist and spread, with X-Force reporting an 800% increase in WannaCry ransomware traffic since April.
Manufacturing, which is targeted for its extremely low tolerance for downtime, was the most extorted industry in 2022 for the second successive year.
Attackers are also making ransomed data more accessible to downstream victims such as customers and business partners, increasing pressure on the breached organisation.
IBM Security said threat actors would continue experimenting with downstream victim notifications to increase the potential costs and psychological impact of an intrusion.
Additional findings include a 52% annual drop in hackers targeting credit card information, indicating a switch to prioritising personally identifiable information (names, emails, etc.).