New research from Red Canary has indicated that by developing robust detection coverage for the techniques adversaries abuse most often, security teams can achieve defense-in-depth against the many threats that leverage those techniques and the broader trends that dominate the infosec landscape.
The report is organized into three cascading sections: trends, the threats that make up those trends, and the MITRE ATT&CK® techniques leveraged by those threats. Each section includes extensive guidance that security teams can use to mitigate, prevent or detect the malicious activity described in the report.
The biggest trend in 2021, not surprisingly, was ransomware. Counterintuitively, Red Canary doesn’t detect much ransomware, and the reason for that is probably the single most important takeaway from the report. Ransomware is almost always the eventual payload delivered by earlier-stage malicious software or activity; if you detect the threats that deliver the ransomware, you stop the ransomware before it arrives. So, how do you detect those threats? Focus on the techniques that adversaries are most likely to leverage.

Of the top 10 threats Red Canary observed in 2021, 60% are ransomware precursors (i.e., threats that have been known to deliver ransomware as a follow-on payload). More staggering is that a full 100% of the top ATT&CK techniques have been used during an attempted ransomware infection.
As an example, a significant plurality of ransomware infections involve the use of a command and control (C2) product called Cobalt Strike — Red Canary’s second-ranked threat. Cobalt Strike, in turn, leverages ATT&CK techniques like PowerShell, Rundll32, Process Injection, Obfuscated Files or Information and DLL Search Order Hijacking, all of which are in the top 10. If you develop broad detection coverage for those techniques, you have a good chance of detecting Cobalt Strike and preventing ransomware infections.
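To make the "detect the technique, not the payload" idea concrete, here is an added example (not code from the report or from Red Canary) that tags process-creation events with three of the techniques named above. The heuristics for Rundll32 and PowerShell are this editor's assumptions, the ATT&CK IDs are the public ones for those techniques, and the sample events are constructed.

```python
import re
from dataclasses import dataclass
from typing import List

# Minimal process-creation event, as a Sysmon/EDR sensor would record it.
@dataclass
class ProcEvent:
    image: str      # executable name
    cmdline: str    # full command line
    parent: str     # parent executable name

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Constructed sample telemetry for illustration; not taken from the report.
SAMPLE_EVENTS: List[ProcEvent] = [
    ProcEvent("rundll32.exe", "rundll32.exe shell32.dll,Control_RunDLL", "explorer.exe"),
    ProcEvent("rundll32.exe", "rundll32.exe", "winword.exe"),
    ProcEvent("powershell.exe", "powershell.exe -nop -w hidden -enc QQBCAEMA", "cmd.exe"),
    ProcEvent("powershell.exe", "powershell.exe -File C:\\scripts\\backup.ps1", "taskeng.exe"),
]

def tag_techniques(ev: ProcEvent) -> List[str]:
    """Return the ATT&CK technique tags an event matches (empty list if none)."""
    tags = []
    image, cmd = ev.image.lower(), ev.cmdline.lower()
    if image == "rundll32.exe":
        # Rundll32 (T1218.011): normal use names a DLL and export after the binary;
        # a bare invocation, or one spawned by an Office app, is atypical (assumed heuristic).
        has_dll_arg = len(cmd.split(None, 1)) > 1
        if not has_dll_arg or ev.parent.lower() in OFFICE_PARENTS:
            tags.append("T1218.011 Rundll32")
    if image in ("powershell.exe", "pwsh.exe"):
        # PowerShell (T1059.001): hidden window plus no-profile is a common loader
        # pattern; an encoded command also maps to Obfuscated Files or Information
        # (T1027) because the script body arrives as base64 rather than readable text.
        encoded = re.search(r"\s-(e|ec|enc|encodedcommand)\s", cmd + " ")
        hidden = re.search(r"\s-w(indowstyle)?\s+hidden\b", cmd)
        noprofile = re.search(r"\s-(nop|noprofile)\b", cmd)
        if encoded or (hidden and noprofile):
            tags.append("T1059.001 PowerShell")
        if encoded:
            tags.append("T1027 Obfuscated Files or Information")
    return tags

def triage(events: List[ProcEvent]) -> List[tuple]:
    # Keep only events that matched at least one technique, with their tags.
    return [(ev.cmdline, t) for ev in events if (t := tag_techniques(ev))]

if __name__ == "__main__":
    for cmdline, tags in triage(SAMPLE_EVENTS):
        print(f"{', '.join(tags)} <- {cmdline}")
```

Running it flags the bare Rundll32 launched from Word and the encoded PowerShell, while the two administrative events pass; coverage for the technique catches the behaviour regardless of which loader or final payload is behind it.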
The report is based on analysis of the more than 30,000 confirmed threats detected across Red Canary’s customer base in 2021.
Read the full report by Red Canary.