I have been developing a cybersecurity exploitation and threat lifecycle model and this article caught my attention in it highlighting the evolution of the deployment of the ransomware tech. Initially spread through phishing, it is now being used as the payload in the attacks. Interesting.
This also creates an interesting base cost of not safeguarding a network environment. Consider that the attacks are becoming automated (automatic identification of a server running known vulnerability and then automatic installation of malware which then automatically takes over network for ransom) the attacks scale easily, and there is a bit of near certainty here. More thoughts, developed out with hard data, to come on this topic.
“This is really one of the first times we’ve seen ransomware spread by a network vulnerability,” Craig Wilson of Talos Research told Ars, …The malware, called “Samsam” by Talos, uses old, very public exploits right out of JexBoss—an open source vulnerability testing tool for JBoss. Once the malware has a foothold on the server, it spreads to Windows machines on the same network. “I wouldn’t be surprised if this [malware approach] was extended toward WordPress and other content management systems,” Wilson said. “This is really just the natural progression of ransomware.”