Dive Brief:
- Remote access tools were the initial entry point in eight of every 10 ransomware attacks in 2024, according to a report released Thursday by At-Bay. VPNs accounted for about two-thirds of ransomware attack entry points.
- Indirect ransomware claims continue to rise, showing a 43% increase in 2024, according to At-Bay. Indirect ransomware is when an attack begins on a third-party vendor or business partner, often leading to a data breach or business interruption of a downstream client or partner. The report cites the 2023 MOVEit breaches and the 2024 CDK attacks.
- Overall, the frequency of ransomware claims returned to record levels seen in 2021 after a decreased rate of attacks in 2022 and 2023, according to At-Bay.
Dive Insight:
The At-Bay report shows how some very familiar security tools are being exploited to launch highly disruptive attacks on businesses.
VPNs and remote access tools have been used to help workers gain secure access to their corporate networks from remote locations. However, the data shows these tools are often weaponized to help attackers exfiltrate data or engage in other malicious activity.
“Remote access tools essentially provide a front door to a company’s network and can usually be seen from the public internet, so they attract attention from attackers for that reason,” Adam Tyra, CISO for customers at At-Bay, said via email.
The report also notes that midmarket companies, with annual revenue in the $25 million to $100 million range, have seen sharp increases in direct ransomware claims.
The report is based on At-Bay insurance claims data from 2021 through the end of 2024.
