A recent report by the cyber insurance company Covus reveals that threat actors are switching tactics to compromise their victims with ransomware, with more insurance claims arising from attackers exploiting vulnerabilities rather than using phishing emails.
The report says that vulnerability exploitation rose as an initial access method from <5% of ransomware claims in the second half of 2022 to about 30% in the first half of 2023.
Whilst threat actors have exploited zero-day vulnerabilities this year, especially in file transfer software (e.g. MOVEit), the key defence against vulnerability exploits is to stay up to date with your patching.
For very good reasons, patching is a key requirement of the Cyber Essentials scheme.
If you would like to know more about Cyber Essentials, please get in touch.