- Computer pirates are carrying out attacks faster than ever, according to the report
- Reliakest Research says that exfiltrated data encryption is increasingly likely
- Phishing remains the superior attack vector
In addition to promoting companies worldwide, the adoption of AI by security teams and computer pirates has also changed the panorama of the cybercrime, with a new investigation of trust that states that cybercriminals are now faster than ever in non -compliance systems, with the average time between initial access and lateral movement now only 48 minutes.
Interestingly, the report found that computer pirates depend less and less on encryptions, with 80% of all infractions that involve the exfiltration of data, but only 20%, including encryption, and many attackers are abandoning the encryption completely, focusing only on the theft of data, “a faster and more profitable approach,” confirms the report.
This suggests that companies are less inclined to pay bailouts, and computer pirates are more successful in the sale of stolen data, instead of making demands.
Old habits die hard
This is not perhaps at all surprising, since less than half of the ransomware incidents result in payment, and those who pay the rescue, only around 7% recover their information completely, so there are not many incentives to any of the sides.
Research also shows that phishing is once again the higher initial access technique, and 30% of these attacks include credentials. Social Engineering attacks are also evolving, with a ‘voice phishing’ now behind 14% of violations, especially addressing the manufacturing sector, probably due to frequent IT interactions and indulgent help service policies necessary to handle high volumes of support applications.
But the findings also mean that security equipment will have to rethink their priorities in the coming months, and in 2025, companies will have to reinforce their defenses to avoid any time of expensive inactivity.
“The approach can no longer be only in the restoration of encrypted systems: the strategies must also address the protection of data privacy, administer the risks of reputation and guarantee compliance with the regulatory requirements,” adds the report.
“To prepare, CISO must implement defenses to detect and prevent attempts at exfiltration while developing plays books that prioritize business continuity and resilience against these evolutionary ransomware tactics.”
