sb-eu logo
Story image

Data is more valuable to cyber attackers than cash - report

03 Apr 2020

Positive Technologies (PT) has today released a report, revealing a shift in motivations for attacks on individuals – data is now more desirable than direct financial gain.

Data theft was the goal of more than half of all attacks in 2019, according to PT. This is a 20 percentage point increase compared to 2018 when data theft was the goal of only 30% of incidents. 

Data theft was also the biggest driver for attacks on both individuals (57%) and organizations (60%) in 2019. 

Personal data, login credentials and credit card details were more valuable to attackers in 2019 than direct acquirement of cash, indicating the strength of the black market trading in data.
 

Targeted attacks becoming more popular

The report also reveals that the percentage of targeted attacks is much greater than that of mass attacks.

According to the study, the number of unique cyberattacks increased by 19% year-on-year, and the percentage of targeted attacks increased by 5 percentage points compared to 2018, now standing at 60%. 

PT experts noted that the number of attacks increased every quarter. In Q1, 47% of attacks were targeted. At the end of the year, this figure had grown to 67%.

“The increase in targeted attacks is due to several reasons,” says Positive Technologies director of Expert Security Center Alexey Novikov.

“Every year we see new groups of attackers specialising in advanced persistent threats. During 2019, the PT ESC tracked APT attacks by 27 groups, ranging from well-known groups, such as Cobalt, Silence, and APT28, to relatively unknown newcomers. 

“Companies are paying closer attention to cybersecurity, and implementing and using special security tools (such as anti-APT solutions) to detect and prevent complex attacks. 

“This makes it easier to detect malicious activity more accurately and significantly reduces dwell time,” says Novikov.

“Because of this, information on individual incidents and particular tactics and tools used by different APT groups becomes public knowledge and can be used as intelligence to bolster countermeasures.”
 

Advances in malware prompt a shift in cybersecurity behaviour

Security teams should shift their attention from prevention of attacks in the perimeter to timely detection and response inside the network, says PT. 

Considering the increase of targeted attacks, threat actors are constantly evolving their tactics, and malware is becoming more complex. Bearing this is mind, PT experts predict that in the next few years, security will be centred around constant monitoring of security incidents, advanced network traffic analysis, and retrospective network events analysis.

Top targeted sectors were government, industrial, healthcare, science and education, and finance, according to the report.

Industrial companies accounted for 10% of attack targets, compared to just 4% in 2018.
 

Ransomware on the rise

In 2019, ransomware accounted for 31% of all infections, and the average ransom paid numbered in the hundreds of thousands of dollars. 

2019 also saw a shift in tactics used by ransomware perpetrators: if a ransomware victim refused to pay, malware operators threatened to disclose the data they copied before encrypting it. 

PT says it expects a new wave of ransomware attacks in 2020, in which hackers hold victim data hostage and disclose information of those who refuse to pay.

Story image
CrowdStrike expands Linux protection, adds machine learning prevention
CrowdStrike says its solution delivers proven breach prevention and visibility from its cloud-delivered platform via a single lightweight agent.More
Story image
Months on, many organisations still don't have secure remote access - report
The report analyses the extent to which businesses were prepared for the sudden shift into remote working due to COVID-19 restrictions, and analyses how organisations have adjusted to support remote workers amidst the COVID-19 pandemic. More
Story image
Five wine-tasting tips that should be applied to network security
What does network visibility really mean? Much like a blind wine tasting, we need to keep an open mind and trust what data is telling us without being biased by previous results.More
Story image
Vulnerability discovered in DNS recursive resolvers that can be abused to launch DDoS attacks against any victim
Researchers have discovered a vulnerability in the implementation of DNS recursive resolvers that can be abused to launch disruptive DDoS attacks against any victim.More
Story image
Report: Tech industry most attacked sector
"The current global crisis has shown us that cyber criminals will always take advantage of any situation and organisations must be ready for anything."More
Story image
Endace and Palo Alto Networks launch integration to empower security teams
“The combination of Cortex XSOAR’s powerful orchestration and automation capabilities with the rich network history recorded by the EndaceProbe Analytics Platform gives security operations access to the conclusive forensic evidence they need to respond quickly and accurately to threats.” More