Is 2019 the year of ransomware…again?
Yes, according to new research. Security analysis has found that ransomware attacks have doubled in 2019 compared to 2018. So it appears that it’s the year of ransomware…again.
If that’s not startling enough, hackers are using your own passwords to infect your systems with ransomware.
In the Attack Landscape H1 2019 report, security researchers analysed ransomware attacks on honeypots – servers designed to be appealing to hackers – during the first six months of 2019.
The research found that brute force attacks, whereby hackers attempt multiple logins using common or leaked passwords to break into accounts, overtook phishing and spam emails as the number one vector for infecting a business with ransomware.
31% of all ransomware attacks were the result of brute force attacks against Remote Desktop Protocol (RDP) services which, if unsecured, allow hackers to gain access to your business network and infect your servers and PCs with ransomware.
The increase in brute force attacks should be a wake-up call to businesses using weak or common passwords to secure their critical business systems.
Hackers will use the most common passwords, as well as those leaked in data breaches, to essentially hammer your systems with credentials until one works. But if you think you’re safe because your credentials have never been leaked, or your password is complex and uncommon, the hackers can still get around that.
As our security expert, Grant Campbell, detailed in his blog on choosing the best password, hackers have another tool in their arsenal: one that allows them to ‘crack’ passwords by generating and trying every possible combination of characters.
You might look at that last statement and feel a little hopeless; surely, in that case, they can crack any password? But you’d be wrong. The key to a strong password is not its complexity or how uncommon it is, but its length. That’s why we recommend passwords that are long, but not necessarily jammed with complex characters; think of phrases you’ll definitely remember. Depending on its length, such a phrase may take billions or even quindecillions of years to crack. Find out more about that, and enjoy some cat-based password content, in Grant’s blog.
It’s also critical to never re-use passwords. If, for example, you used your highly secure password for your Yahoo account, which was breached, and re-used it for another service, hackers could easily break into that service too. By adopting a password policy of using memorable phrases with no or limited complex characters, you’re far more likely to remember individual passwords and, thus, not feel the need to re-use them.
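The length, common-password and re-use points above can be checked in a few lines. This is an added example, not code from the report or from Grant’s blog; the guess rate, the 1,000-year floor, the sample password list and all function names are assumptions, and it models exhaustive character-by-character brute force only, not word-combination attacks.

```python
import string

# Assumptions (not from the article): an offline attacker testing 10 billion
# guesses per second, and a 1,000-year floor for an acceptable password.
GUESSES_PER_YEAR = 10**10 * 31_557_600   # guesses/second * seconds/year
MIN_YEARS = 1_000

# Constructed sample; a real check would use a large breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password1"}

CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation + " ")


def alphabet_size(password):
    """Number of symbols a brute-force tool must try per position."""
    return sum(len(cls) for cls in CHAR_CLASSES
               if any(ch in cls for ch in password))


def brute_force_years(password):
    """Whole years to exhaust every string of this length and alphabet."""
    return alphabet_size(password) ** len(password) // GUESSES_PER_YEAR


def assess(password, already_used=()):
    """Return the list of policy problems; an empty list means it passes."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common")      # tried first, so length is irrelevant
    if password in already_used:
        problems.append("reused")      # one breach exposes every service
    if brute_force_years(password) < MIN_YEARS:
        problems.append("too short")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords: common, short-but-complex, long phrase.
    for pw in ("password1", "P@ssw0rd!", "mycatsleepsonthewarmradiator"):
        print(f"{pw!r}: {brute_force_years(pw):,} years, {assess(pw) or 'ok'}")
```

The nine-character password using all four character classes falls in about a year under these assumptions, while the 28-letter lowercase phrase holds for more than 10^21 years.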
This isn’t to say you should focus solely on creating strong passwords to protect your business. While phishing emails are no longer the primary vector for infecting victims with ransomware, they still account for almost a quarter (23%) of all successful attacks. The other 46% include compromised firmware attacks, the download of fake installers and hacked software.
The key to keeping your business safe is a synchronised approach to security. While this study highlights the urgency of ensuring secure passwords on your critical systems, it also evidences how many different methods hackers will use to infect your business systems and extort money out of you.
We strongly recommend you review your own password policies to avoid falling victim to a brute force attack that could see hackers gain access to your internal systems and feasibly infect your entire network with malware. But don’t forget to train your staff on spotting phishing emails or preventing the download of innocent-looking applications that could stealthily install malware, too…
Don’t know where to start? Why not talk to TSG’s highly qualified security experts to understand how best to protect your business?