New e-book: App-based ransomware rising

It’s always been important to secure your web applications against a wide range of threats, but recently it’s become even more urgent.

That’s because ransomware criminals, whose primary vector of attack has for a long time been email, are increasingly using application-based attacks as the first step in an attack chain leading to the deployment of ransomware in target systems.

Email security strong, app security … less strong

One key reason for this shift from email to app-based ransomware attacks is that increasing numbers of organizations have invested in advanced, AI-driven email security solutions like Barracuda Email Protection. These solutions are very effective in detecting, preventing, and responding rapidly to the kinds of phishing and account-takeover attacks that have long been used to infiltrate ransomware into target networks.

At the same time, a significant number of organizations use only rudimentary application-security — or, even if they invested in full-featured application-security solutions, they have never fully configured them or have failed to update the configuration as they develop and deploy new or updated applications.

This is largely due to the fact that traditional app-security solutions are frankly very complex to configure correctly. Overextended IT security teams often find it simpler to only monitor application traffic without instituting automatic remediation or prevention capabilities. And, of course, DevOps teams are always in a hurry to go live with new apps and can be impatient with complex security audits that delay full production.

The path of least resistance

As a result, there are plenty of vulnerable applications out there that make tempting targets for ransomware crooks, who are nothing if not consummate opportunists. Over the past few years, their attacks had already grown increasingly complex, exploiting multiple vectors in successive stages, creating intricate scenarios that culminate in detonating ransomware. So the fact that they are now using classic application-compromise techniques like SQL injection to initiate ransomware attacks is not surprising. They are simply following the path of least resistance.

Barracuda and AWS e-book

Barracuda and AWS have recently teamed up to produce a new e-book to explain these developments in detail. Read it to get a step-by-step analysis of a typical modern app-based ransomware attack. You’ll also see how Barracuda Web Application Firewall — which you can provision directly from the AWS Marketplace — protects your public-facing apps against all the most sophisticated threat modalities.

And speaking of Barracuda Web Application Firewall, you might be pleasantly surprised to find out that compared to older app security solutions, it’s incredibly simple and fast to configure and deploy. Which means that there’s really no good excuse anymore for leaving your applications inadequately protected from the new wave of app-based ransomware.

Get your copy of the e-book now