Those who do not sleep

Evil Kitchen

Темная кухня

add to favourites

Those who do not sleep

Read: 24029 Comments: 9 Rating: 16

Thursday, April 30, 2020

We’d like to draw your attention to the latest statistics on when malware attacks occur:

In 76% of incidents ransomware was executed in victim environments after hours, that is, on a weekend or before 8:00 a.m. or after 6:00 p.m. on a weekday, using victims' time zone As many as 49% of the attacks occurred overnight during the work week, and 27% took place on weekends.

Ransomware attacks by hour.

Source

It is important to note that threat actors can orchestrate their malware campaigns outside of formal business hours, and for companies that operate with no interruptions, they can easily keep track of specific events and user activity. Thus, in one of the examples, criminals created an Active Directory Group Policy Object to trigger ransomware execution based on user log on and log off.

Interestingly, when it comes to targeted attacks—when threat actors penetrate a network to achieve specific objectives—the actual malware deployment was often delayed for three days.

Number of days between intrusion and ransomware execution

Source

Obviously, those figures are relevant for attacks targeting specific organisations or individuals. When random infections occur, ransomware can spring into action instantaneously.

#fraud #encryption #encryption_ransomware

The Anti-virus Times recommends

Of course, the machines in your local network should run anti-virus software. However, if an attacker has already gained a foothold in your network—for example, by accessing the environment remotely via RDP—that won't be enough. Restrict user permissions and make sure that no known vulnerabilities, which can be exploited to elevate privileges, remain unpatched.

If a malicious file is detected, disconnect the machine from the infrastructure and take steps to remediate the infection—the file can be executed at any moment and your access password may have been compromised.
If possible, divide your network into subnets to prevent an infection from spreading across the network environment.
Back up your critical business data and, if possible, store the backups offsite because backups are often prime targets for attack.
Make sure that only specific logon types are available under local administrator accounts.
Set strong passwords.
Deny user access to systems during off-hours. Make sure that you are able to receive notifications about infection and malware execution attempts while you are out of the office.

To vote, log in under your account or create an account if you don't have one yet.

Tell us what you think

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments

Niuxin
03:44:55 2020-05-14

Thanks for the statistics and recommendations.

Dmur
20:40:26 2020-04-30

Interesting statistics, useful tips, thank you!

Татьяна
20:22:25 2020-04-30

Most attacks occur during non-business hours. Well, it makes sense, what if no one notices? And when he does, it will be too late.

Toma
17:28:08 2020-04-30

Of course the attackers are attacking when the subject is most vulnerable. We will follow your recommendations, thank you!

Masha
14:15:04 2020-04-30

The crime statistics are clear-criminals don't sleep or rest.

EvgenyZ
13:06:39 2020-04-30

Really "Sleepless" hackers are obtained. But Dr. Web is also not asleep!

ka_s
09:14:33 2020-04-30

Hygiene rules are important not only during the coronavirus pandemic. These rules must always be followed.

Неуёмный Обыватель Собкор
08:38:58 2020-04-30

Crime never sleeps

Пaвeл Собкор
07:41:07 2020-04-30

As always, simple and reliable tips. The main thing is to observe them.

Comments to other issues | My comments

Home

Issues

Categories

Rating

About the project

Statistics

Favourites

Tools

The Anti-virus Times

Those who do not sleep

The Anti-virus Times recommends

Tell us what you think

Comments