
Study reveals preferred entry point for ransomware

Since last year, ransomware attacks have increased around the world. Although the number of offensives has decreased globally, France “recorded the highest rate of ransomware attacks,” says Sophos. In fact, 74% of French companies surveyed were targeted by cybercriminals specializing in extortion and data theft.


VPN, favorite entry point for ransomware

According to a study carried out by Corvus Insurance, a large part of these cyberattacks are actually based on vulnerable VPN accounts. Poorly protected, these accounts served as an entry point for cybercriminals. The results of the study show that 28.7% of attacks result directly from unauthorized access to a VPN.

Corvus Insurance says the number of VPN-based extortion operations has exploded quarter over quarter. As a reminder, VPNs are used to secure remote connections to the company’s internal network. As Jason Rebholz of Corvus Insurance explains, “Attackers are focused on finding the least protected path into an enterprise to launch an attack, and in Q3, that entry point was the VPN.”

For the record, cybercriminals also used a compromised VPN account in the well-known cyberattack on the pipeline operator Colonial Pipeline. In 2021, the American operator was forced to suspend all its activities following a ransomware infection. The investigation by Mandiant researchers quickly demonstrated that the hackers used the corporate VPN account of one of the employees to penetrate the Colonial Pipeline network. The attack almost deprived the entire American east coast of diesel and gasoline.

Credentials too easy to hack

Too often, VPN accounts are secured with weak usernames and with passwords that are already compromised or too easy to guess. The study singles out “common usernames like ‘admin’ or ‘user’”, which greatly facilitate the work of hackers. Combined with passwords that are too simple, stolen or recycled, these names open the door to intruders…

While data leaks continue throughout the world, and more particularly in France, hackers have enough information to carry out their activities without difficulty. On black markets, they can unearth mountains of data dumps, including pairs of usernames and passwords. If these credentials also protect a corporate VPN account, the hackers can orchestrate their ransomware attack. This is why you should not recycle your passwords.

“Attackers exploit publicly accessible systems by testing combinations of these weak credentials, often gaining network access with minimal effort,” adds the study.

Corvus Insurance also points out the lack of two-factor authentication. This security mechanism, too often neglected, can block a hacker who has got hold of your credentials. Yet 75% of ransomware victims report failing to configure multi-factor authentication, which remains “a crucial safety net” against attacks.
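
An added example, not part of the original article or the Corvus study: a small audit of VPN authentication logs for the patterns described above (one source testing several usernames, a successful login on a common username, a login without MFA). The log layout, the function names and the threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

COMMON_USERNAMES = {"admin", "user"}  # the two names quoted from the study

# Constructed sample; the layout (time, source IP, user, result, MFA) is assumed.
SAMPLE_LOG = """\
2024-09-01T02:10:01Z 203.0.113.7 admin FAIL mfa=none
2024-09-01T02:10:03Z 203.0.113.7 user FAIL mfa=none
2024-09-01T02:10:05Z 203.0.113.7 test FAIL mfa=none
2024-09-01T02:10:09Z 203.0.113.7 admin OK mfa=none
2024-09-01T08:30:00Z 198.51.100.20 j.martin OK mfa=totp
2024-09-01T08:31:12Z 198.51.100.21 a.durand FAIL mfa=none
2024-09-01T08:31:40Z 198.51.100.21 a.durand OK mfa=totp
"""

def parse(line):
    """Split one log line into a dict; raises ValueError on a malformed line."""
    ts, src, user, result, mfa = line.split()
    return {"ts": ts, "src": src, "user": user,
            "ok": result == "OK", "mfa": mfa.split("=", 1)[1] != "none"}

def audit_vpn_logins(log_text, distinct_user_threshold=3):
    """Return a sorted list of (finding, source IP, username) tuples."""
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    failed_users = defaultdict(set)   # source IP -> usernames that failed so far
    findings = set()
    for e in events:                  # events are assumed to be in time order
        if not e["ok"]:
            failed_users[e["src"]].add(e["user"])
            if len(failed_users[e["src"]]) >= distinct_user_threshold:
                findings.add(("credential_testing", e["src"], "*"))
            continue
        if not e["mfa"]:
            findings.add(("login_without_mfa", e["src"], e["user"]))
        if e["user"] in COMMON_USERNAMES:
            findings.add(("common_username_login", e["src"], e["user"]))
        if len(failed_users[e["src"]]) >= distinct_user_threshold:
            findings.add(("success_after_credential_testing", e["src"], e["user"]))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_vpn_logins(SAMPLE_LOG):
        print(*finding)
```

A single user who mistypes a password once and then logs in with MFA, like the last two sample lines, produces no finding.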


Source: Corvus Insurance