ransomware – The year 2020 saw a growth in cybercrimes targeting individuals, businesses, and governments around the world.
A new report sheds more light on the cybersecurity perils, especially on the ransomware front.
According to the report by Cyber Security Works and Risk Sense, Software-as-a-service (SaaS) apps were the latest target of ransomware attacks.
The research added that SaaS apps also saw the highest count of vulnerabilities.
The other new categories that drew the attention of cybercriminals were open-source platforms and web and app frameworks.
“This shift shows how these threats are moving as organisations consume more applications in this manner. The problem; however, is that organisations must rely on these service providers to ensure they are remediating quickly against these threats,” according to the report.
The report titled “2021 Spotlight Report” says it has encountered a 4x increase in vulnerabilities tied to ransomware.
It also discovered 125 ransomware families that were using a mix of the 223 vulnerabilities.
While cybercriminals were using new tricks, older versions of ransomware were also getting exploited.
Older ransomware families, such as Cobralocker (2012), Gimemo (2012), Kovter (2012), Lokibot (2012), Lyposit (2012); Reveton (2012), Urausy (2012) Crilock (2013), Cerber (2016), and Cryptomix (2016), are still active.
Researchers also highlight another dangerous trend in this space.
They pointed out that cybercriminals are now allowing using ransomware attacks as a service.
It has allowed anybody to conduct ransomware attacks without having the requisite knowledge of the technology.
Until a few years ago, the expertise was limited to select people with deep security and coding knowledge.
According to security experts, Indians should also be concerned with the growth in ransomware attacks.
They pointed out ransomware attacks on Indian organisations increased by 31% during the Covid-19 pandemic in 2020.
“With ransomware moving from operating systems to SaaS products, Indian software industry needs to know the weaknesses; that our developers are introducing into the software and adopt a security-focused approach while writing code or by using no code to low code libraries as a part of the supply chain to avoid a Solar Winds type of attack,” the report added.