Exploiting Unpatched Systems: Latest in Ransomware Trends
Michael Sikorski of Palo Alto Networks on Evolving Ransomware Strategies
Ransomware attackers are increasingly shifting their initial access strategy from phishing to exploiting external vulnerabilities. With Russian hackers leading the charge, attackers target vulnerabilities in systems including VPNs, firewalls and remote desktop solutions, which are "hard to just unplug, patch and replug," said Michael Sikorski, vice president of threat intelligence and CTO, Unit 42, Palo Alto Networks.
Attackers exploit the gaps between vulnerability disclosure and patching, using recycled techniques to maximize efficiency. Sikorski cited the continued use of a Microsoft Outlook vulnerability by Russian hackers for over 20 months as an example.
"Attackers will use what works," he said. "If it's something that's been out a long time, something that's easy for them to build, that's the best thing for them to use because then they could save their fancy capabilities, the zero-day attacks, for high-value targets. One thing we'll see is they'll recycle and reuse those things over and over again."
In this video interview with Information Security Media Group at Black Hat 2024, Sikorski also discussed:
- Using AI to automate phishing, lateral movement and malware creation;
- How defenders are integrating AI into their red-teaming efforts to simulate adversarial activity;
- How Russian hackers exploit persistent vulnerabilities to maximize attacks.
Sikorski is an industry expert in reverse engineering. He has more than 20 years of experience working on high-profile incidents and leading R&D teams and previously worked at Mandiant and the NSA.