In a recent report, Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, found that the widespread exploitation of software flaws is consistent with threat actors’ opportunistic behavior, which involves searching the internet for weaknesses and vulnerabilities to exploit.
The 2022 Unit 42 Incident Response Report offers a variety of insights gleaned from Palo Alto Networks’ extensive incident response (IR) work, drawing on a sample of over 600 Unit 42 IR cases. The report is meant to help chief information security officers (CISOs) and security teams understand the greatest security risks they face and where to prioritize resources to mitigate them.
Oscar Visaya, Country Manager for the Philippines at Palo Alto Networks, shared, “As cybercriminals find more ways to exploit these software vulnerabilities, organizations must take the necessary steps to minimize the risks for the company and its stakeholders. Organizations must ramp up patch management and orchestration to try to close these known holes as soon as possible.”
Moreover, the top incident types that the Incident Response team handled over the last 12 months were ransomware and business email compromise (BEC), accounting for about 70% of incident response cases.
The findings are consistent with local data from research company Statista, which showed that phishing became the most popular fraud scheme aimed at customers in the Philippines in Q1 2022.
Every four hours, a new ransomware victim is revealed on leak sites. Early ransomware activity detection is crucial for businesses. Usually, ransomware attackers are only identified after files have been encrypted and a ransom notice has been sent to the victim organization.
According to Unit 42, ransomware attacks had a median dwell time of 28 days, meaning the amount of time threat actors spent in a targeted environment before being discovered. In contrast to the results of the 2022 Unit 42 Ransomware Report, ransom demands have reached as high as $30 million, while actual settlements have reached as high as $8 million.
Furthermore, threat actors are increasingly threatening to publicly release critical information if a ransom isn’t paid, which is something impacted organizations should be prepared for. In the same report, it was found that BlackCat Ransomware, which appeared in late 2021, had made the Philippines one of its primary targets.
Business email compromise
In business email compromise wire-fraud schemes, cybercriminals used a variety of techniques. Phishing and other forms of social engineering provide a simple and low-cost way to gain covert access while avoiding detection.
The report says that cybercriminals frequently just ask their unwitting victims for their login information in order to steal it. In addition, the average amount taken in BEC attacks was $286,000, and the average dwell time was 38 days once the attackers gained access.
“Right now, cybercrime is an easy business to get into because of its low cost and often high returns. As such, unskilled, novice threat actors can get started with access to tools like hacking-as-a-service becoming more popular and available on the dark web,” said Wendi Whitmore, SVP and head of Unit 42 at Palo Alto Networks.
She added, “Ransomware attackers are also becoming more organized with their customer service and satisfaction surveys as they engage with cybercriminals and the victimized organizations.”
Customers of Palo Alto Networks can use Cortex Xpanse for attack surface management to find vulnerable systems that are exposed to the internet. It frequently detects systems that businesses are unaware are operating on their network.
Additionally, Cortex XDR, Prisma Cloud, Cloud-Delivered Security Services, and other solutions offer customers defenses against the specific vulnerabilities covered in the report.