How ransomware attacks are changing
To prevent ransomware attacks, it is becoming increasingly important to consider how they have evolved and the role that seemingly unrelated attacks (such as phishing) play in their success. Some attackers have changed tactics from extorting victims for the decryption of data to extorting victims by threatening the unauthorized release of their data. This change means that, rather than running malware that encrypts files, the focus has shifted to data exfiltration. Compromised identities offer one of the shortest, most reliable paths to access data, and phishing is one of the most common techniques for gaining unauthorized access to a user’s account.
The unexpected role of the browser
Phishing is most closely associated with email, but a lack of enterprise browser security can play an even more significant role in credential theft and account takeover (ATO). Email, after all, is just a lure; the real damage starts in one of two ways:
- If and when a user clicks a malicious link and directly supplies their credentials to an attacker-controlled website. Once an attacker has valid credentials, they are effectively that user with all the corresponding rights and privileges.
- If and when a user clicks an HTML smuggling link or attachment that downloads malware to the victim’s machine. Regardless of malware type—whether it’s ransomware, a keylogger, or a tool designed to steal authentication tokens and session cookies—the attacker has established a foothold in the enterprise.
Unfortunately, where, when, and how the damage stops is another matter entirely. When a ransomware attack that leverages these techniques is not prevented, the median time to access data is one hour and 12 minutes, according to analysis by Microsoft. However, even with such a tight timeline for the initial compromise, the full scope may not be known for months, and the damages—in the form of ransom payments, lost revenue, settlements, unauthorized data disclosure, and reputational harm—may take even longer to manifest.
Preventing ransomware attacks via the browser is difficult
Preventing this new style of ransomware attack requires protecting identities, and protecting identities requires fortifying the browser. Seraphic Security offers controls to prevent credential re-use, as well as protection against phishing and other web-based attacks.
For more information on how Seraphic Security can help you prevent ransomware by protecting identities and user credentials, visit our Product page, download the ESG Technical Validation of Seraphic or schedule a demo.