Story image

Ransomware on the rise, creeping into business critical systems

10 Apr 2018

Despite many sources saying ransomware is in decline, a new report from Verizon has proven the malware is still the most prominent form of malicious software.

Not only that, but it’s also on the rise. Verizon’s 2018 Data Breach Investigations Report (DBIR) found ransomware in 39 percent of malware-related data breaches, which is more than double that of last year’s DBIR and accounts for more than 700 incidents.

The report found that attacks are now moving into business critical systems, encrypting file servers or databases to ultimately inflict more damage command more substantial ransom requests.

Humans continue to be a key weakness within enterprises, with employees still falling victim to social attacks.

Financial pretexting and phishing represent 98 percent of social incidents and 93 percent of all breaches investigated – with email continuing to be the main entry point (96 percent of cases). Companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities, emphasising the need for ongoing employee cybersecurity education.

The report found financial pretexting to be targeting HR specifically after increasing more than five times since the 2017 DBIR, with 88 of these incidents targeting HR staff to obtain personal data for the filing of fraudulent tax returns.

Verizon says a particular concerning statistic from the report is that four percent of people failed a phishing test for any given phishing campaign. This might sound miniscule, but a cybercriminals only needs one victim to get access into an organisation.

“Businesses find it difficult to keep abreast of the threat landscape, and continue to put themselves at risk by not adopting dynamic and proactive security strategies,” says Verizon Enterprise Solutions president George Fischer.

DDoS attacks are rampant and are often used as camouflage to hide other breaches in progress by being started, stopped and restarted.

Verizon found that most breaches were caused by hackers outside of organisations, with 72 percent of attacks perpetrated by outsiders, 27 percent involved internal actors, 2 percent involved partners and 2 percent featured multiple partners. Organised crime groups still account for 50 percent of all the attacks analysed.

“Ransomware remains a significant threat for companies of all sizes,” says Bryan Sartin, executive director security professional services, Verizon. “It is now the most prevalent form of malware, and its use has increased significantly over recent years,” says Verizon security professional services executive director.

“What is interesting to us is that businesses are still not investing in appropriate security strategies to combat ransomware, meaning they end up with no option but to pay the ransom – the cybercriminal is the only winner here! As an industry, we have to help our customers take a more proactive approach to their security.”

The report also analysed the biggest risks per industry, with some of the main industries including:

  • Education – Social engineering targeting personal information is high, which is then used for identity fraud. Highly sensitive research is also at risk, with 20 percent of attacks motivated by espionage. Eleven percent of attacks also have “fun” as the motive rather than financial gain.

  • Financial and insurance – Payment card skimmers installed on ATMs are still big business; however, we’re also now seeing a rise in “ATM jackpotting,” where fraudulently installed software or hardware instructs the ATMs to release large amounts of cash. DDoS attacks are also a threat.

  • Healthcare – This is the only industry where insider threats are greater than threats from the outside. Human error remains a major contributor to healthcare risks.

  • Information – DDoS attacks account for over half (56 percent) of the incidents within this sector.

  • Public sector – Cyber-espionage remains a major concern, with 43 percent of breaches being espionage motivated. However, it is not only state-secrets that are a target - personal data is also at risk.

Sixty-eight percent of breaches took months or longer to discover, even though 87 percent of the breaches examined had data compromised within minutes or less of the attack taking place, which is why Verizon says the time to act is now.

Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.