URLs now top ransomware vector
URLs have emerged as the leading method of delivering ransomware to victims, according to research from Palo Alto Networks’ Unit 42.
The research found that URL or web browsing has taken over from email attachments as the most widely used channel for distributing ransomware since 2021, with URLs accounting for over 77% of cases analysed by the company.
Third party apps are the next most common method, responsible for 8.2% of cases, followed by SMPT- (6.4%) and POP3- (4.2%) based email attachments.
Meanwhile the Lazy and Virlock ransomware families are dominating in terms of ransomware traffic, accounting for over 50% of ransomware observed during the last quarter of 2022.
During the quarter, Palo Alto detected over 27,000 unique URLs and hostnames hosting ransomware. Based on an analysis of 7000 random samples from the ransomware hosting URLs, Palo Alto estimates that more than 20% of malicious URLs remain active days or weeks after being detected.
The .com top level domain dominates in terms of compromised or malicious websites, but attackers are increasingly utilising country code top level domains including .ru (Russia) and .cn (China).
Palo Alto noted that since its inception in October, the Palo Alto Networks Advanced URL Filtering and DNS Security product releases have automatically blocked over 2000 sessions involving ransomware URLs daily. Over 49% of these are blocked from customers’ traffic before reaching their devices.
CrowdStrike to buy Adaptive Shield
CrowdStrike is augmenting its SaaS security capabilities through the acquisition of Israeli-based...
LockBit named nastiest malware of 2024
LockBit, a ransomware malware known to have been used to attack Australian targets, has been...
Extreme Networks launches ZTNA solution
Extreme Networks' new ExtremeCloud Universal ZTNA solution combines cloud network access...