Cybercriminals appear to have doubled down on ransomware attacks again in the year, with a stealthier approach evident as well as a shift to data exfiltration from applications, according to Delinea’s annual ransomware poll.
Privileged access management (PAM) specialist Delinea – formerly Thycotic and Centrify – took the pulse of US ransomware and compared results year over year.
“Threat actors are developing more sophisticated ways to steal log-in credentials, take over user accounts, and elevate access,” the vendor said, announcing the report.
Meanwhile, the spread of cloud and devops is making organisations more vulnerable to ransomware attacks. By targeting devops repositories, pipelines, and dependencies, cybercriminals can unleash malware designed to disrupt services and steal data.
“High-profile attacks originating from a devops environment, such as [2021 hack of Kaseya], in which attackers injected ransomware into a software update of a trusted IT solution, show how widespread the damage can be,” Delinea said.
Delinea is continuing to step up its innovation and acquisition programmes to meet evolving customer need. Last year saw the debut of its Delinea Platform, which it describes as a cloud-native foundation for Delinea PAM, helping deliver visibility, dynamic privilege controls, and adaptive security.
Last month, Delinea announced its intent to acquire Fastpath “to revolutionise” privileged access and identity governance via AI-driven authorisation security for infrastructure, apps, and data.
In January 2024, the company acquired Authomize, extending the Delinea Platform’s reach with comprehensive privileged controls in the cloud while expanding its role to provide a strong defence against identity-based attacks.
“The Delinea Platform combines enterprise vaulting, VPN-less privileged remote access, and privilege controls to enforce just-in-time and just enough privileges to provide a more secure, resilient, scaleable SaaS solution,” the vendor said in its annual announcement round-up.
The company also recently debuted AI-Driven Audit (AIDA), combining user activity recognition and AI learning to monitor privileged session recordings for potentially dangerous activities, and a deepening of multi-factor authentication (MFA) enforcement, including on individual privileged credentials beyond MFA at login.
“The new layer of security reduces risk for highly sensitive credentials, helping organisations meet increasingly stringent compliance requirements,” the vendor said.
Delinea closed 2023 with growth of annual recurring revenues of some 20% year over year to $300 million (£236m), reflecting growing interest and demand for sophisticated PAM offerings for secure access. Recurring revenue now exceeds 85% of its total revenue, it said.
( Photo by Markus Spiske on Unsplash )