Report: 60% of security threats are precursors to ransomware

Did you miss a session at the Data Summit? Watch On-Demand Here.

New research from Red Canary has indicated that by developing robust detection coverage for the techniques adversaries abuse most often, security teams can achieve defense-in-depth against the many threats that leverage those techniques and the broader trends that dominate the infosec landscape.

The report is organized into three cascading sections: trends, the threats that comprise those trends and the MITRE ATT&CK® techniques that are leveraged by those threats. Each section includes extensive guidance that security teams can use to mitigate, prevent or detect the malicious activity described in the report. 

The biggest trend in 2021, not surprisingly, was ransomware. Counterintuitively, Red Canary doesn’t detect much ransomware, and the reason for that is probably the single most important takeaway from the report. Ransomware is almost always the eventual payload delivered by earlier-stage malicious software or activity; if you detect the threats that deliver the ransomware, you stop the ransomware before it arrives. So, how do you detect those threats? Focus on the techniques that adversaries are most likely to leverage. 

Of the top 10 threats Red Canary observed in 2021, 60% are ransomware precursors (i.e., threats that’ve been known to deliver ransomware as a follow-on payload). More staggering is that a full 100% of the top ATT&CK techniques have been used during an attempted ransomware infection. 

As an example, a significant plurality of ransomware infections involve the use of a command and control (C2) product called Cobalt Strike — Red Canary’s second-ranked threat. Cobalt Strike, in turn, leverages ATT&CK techniques like PowerShell, Rundll32, Process Injection, Obfuscated Files or Information and DLL Search Order Hijacking, all of which are in the top 10. If you develop broad detection coverage for those techniques, then you’ve got a great shot of detecting Cobalt Strike and preventing ransomware infections.

The report is based on analysis of the more than 30,000 confirmed threats detected across Red Canary’s customer base in 2021. 

Read the full report by Red Canary.

Originally appeared on: TheSpuzz