Dive Brief:
- Remote-access tools were the primary intrusion point for ransomware attacks, accounting for 3 in 5 attacks last year, cybersecurity insurance firm At-Bay said Wednesday in a report.
- Attackers primarily targeted perimeter-access tools in 2023, but shifted their focus from remote desktop protocol to self-managed VPNs. These on-premises VPNs were linked to more than 3 in 5 ransomware attacks where remote access was the initial entry vector, according to At-Bay.
- “Attackers go after the same things. If you have a city that has walls around it, you’re going to go after the gate because the gate is a weaker point than the actual wall,” Rotem Iram, At-Bay founder and CEO, said last week at an Axios event on the sidelines of the RSA Conference in San Francisco.
Dive Insight:
Network devices are common targets for financially motivated and nation-state-linked attackers. Vulnerabilities in devices sold by Barracuda, Cisco, Citrix, Fortinet, Ivanti, Palo Alto Networks and others were widely exploited during the last year.
Ivanti zero-day exploits were linked to intrusions at Mitre Corp. and the Cybersecurity and Infrastructure Security Agency. Boeing and Comcast were both impacted by attacks linked to exploits of the Citrix vulnerability, dubbed CitrixBleed.
Self-managed VPNs, especially the most popular among enterprises, were more troublesome with respect to ransomware attacks than cloud-managed VPNs or no VPN at all, according to At-Bay research.
“Organizations using self-managed VPNs by Cisco and Citrix were 11 times more likely to fall victim to a direct attack in 2023,” the report found. Self-managed Fortinet VPNs were five times more likely to be linked to a ransomware attack than cloud VPNs.
“Today, technology is basically use-at-your-own risk,” Iram said last week while previewing the research during the RSA Conference.
“Security is infinitely complex,” he said, “but at the end of the day, most of the attacks are very predictable.”
Attackers are targeting everyone in the remote-access business and they don’t always need to break in with exploits, Iram said. “They also walk in through the front door with credentials they stole.”
At-Bay’s report is based on claims information it received from customers and claims data analyzed by the insurer’s researchers. The company is currently fielding about 200 claims a month, according to Iram.
“We’re never going to be able to get this risk to completely go away, but I think we need to bring it back to a level where an organization doesn’t need to think twice about adopting technology,” Iram said. “To me, that’s the risk. If technology starts to add more risk than value, then it’s going to be detrimental.”