Despite ransomware attack volumes rising 2.75 times over last year, intrusions reaching file encryption have declined threefold year-over-year, with the reduction driven by the increased adoption of automated attack detection and disruption systems, The Register reports.
Ninety percent of successful intrusions during the past 12 months have been facilitated by the exploitation of unmanaged network devices, with Akira being the most active ransomware variant, followed by LockBit, Play, ALPHV/BlackCat, and Black Basta, according to the Microsoft Digital Defense Report. Additional findings revealed that more widespread multi-factor authentication implementation has not deterred social engineering as the most common initial access vector in ransomware attacks, with various MFA-evading techniques employed by the hacking collective Octo Tempest, also known as 0ktapus and Scattered Spider, and Russian state-backed threat operation Midnight Blizzard, also known as Nobelium. "Operational security on the part of individuals is crucial in preventing this kind of attack. Individuals should monitor their online footprint to see what information is publicly available about them that a threat actor could use to impersonate them," said Microsoft.
