Ransomware and data extortion attacks set a new record in 2023, with close to $1 billion in victim payments. As posted by JP Castellanos on the Strategic CIO website (https://strategiccio360.com/5-ways-ransomware-hackers-can-blindside-your-business/?utm_content=276344881+utm_medium=social+utm_source), cyber criminals have moved beyond phishing emails. He lists five ways they attack their targets:

- Botnets directly target applications or devices through credential stuffing or vulnerability exploits.
- Remote services are exploited through stolen or default passwords. Virtual private networks are targeted through exploit code.
- Attacks are launched through third-party vendors and technology providers. This route has replaced phishing as the top cyber threat.
- Recruiting insiders by paying for credentials.
- Hacking vulnerable Internet of Things (IoT) devices to bypass network security.

Castellanos recommends a multi-layered defense strategy equally focused on proactive prevention and post-breach containment. Threat hunting and digital risk protection check for threats. Strong access control, network sequestration, data encryption and backup minimize damage from attacks.