Vulnerabilities in internet-facing applications have become the most common attack vector for ransomware operations. Often, these internet-facing applications are standard across enterprise environments around the world, making them a very tempting target for malicious hackers.
These applications and services could be internet-facing because organisations need them to enable employees to work remotely – or organisations might not even be aware that these applications are exposed to the internet at all.
"Even where a patch exists, the process of patching a vulnerability in an enterprise environment is far more complex and slower than the process for threat actors or OST [offensive security tool] developers of weaponising publicly available exploit code," warns the report.
Patching can be a laborious and cumbersome process, but it's still vital to help protect against ransomware and other malware attacks that target vulnerabilities in services exposed to the internet.
While over half of ransomware incidents examined started with attackers exploiting internet-facing vulnerabilities, compromised credentials – usernames and passwords – were the entry point for 39% of incidents.
Researchers say multi-factor authentication (MFA) is another form of protection that should be applied to help prevent ransomware attacks.
By applying MFA, particularly to applications and accounts that access critical services, it becomes much more difficult for cyber criminals to enter and move around the network – even if they have the correct password. Steps like this can be a significant force in disrupting ransomware attacks before they even start.