Story image

Ransomware on the rise, creeping into business critical systems

10 Apr 18

Despite many sources saying ransomware is in decline, a new report from Verizon has proven the malware is still the most prominent form of malicious software.

Not only that, but it’s also on the rise. Verizon’s 2018 Data Breach Investigations Report (DBIR) found ransomware in 39 percent of malware-related data breaches, which is more than double that of last year’s DBIR and accounts for more than 700 incidents.

The report found that attacks are now moving into business critical systems, encrypting file servers or databases to ultimately inflict more damage command more substantial ransom requests.

Humans continue to be a key weakness within enterprises, with employees still falling victim to social attacks.

Financial pretexting and phishing represent 98 percent of social incidents and 93 percent of all breaches investigated – with email continuing to be the main entry point (96 percent of cases). Companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities, emphasising the need for ongoing employee cybersecurity education.

The report found financial pretexting to be targeting HR specifically after increasing more than five times since the 2017 DBIR, with 88 of these incidents targeting HR staff to obtain personal data for the filing of fraudulent tax returns.

Verizon says a particular concerning statistic from the report is that four percent of people failed a phishing test for any given phishing campaign. This might sound miniscule, but a cybercriminals only needs one victim to get access into an organisation.

“Businesses find it difficult to keep abreast of the threat landscape, and continue to put themselves at risk by not adopting dynamic and proactive security strategies,” says Verizon Enterprise Solutions president George Fischer.

DDoS attacks are rampant and are often used as camouflage to hide other breaches in progress by being started, stopped and restarted.

Verizon found that most breaches were caused by hackers outside of organisations, with 72 percent of attacks perpetrated by outsiders, 27 percent involved internal actors, 2 percent involved partners and 2 percent featured multiple partners. Organised crime groups still account for 50 percent of all the attacks analysed.

“Ransomware remains a significant threat for companies of all sizes,” says Bryan Sartin, executive director security professional services, Verizon. “It is now the most prevalent form of malware, and its use has increased significantly over recent years,” says Verizon security professional services executive director.

“What is interesting to us is that businesses are still not investing in appropriate security strategies to combat ransomware, meaning they end up with no option but to pay the ransom – the cybercriminal is the only winner here! As an industry, we have to help our customers take a more proactive approach to their security.”

The report also analysed the biggest risks per industry, with some of the main industries including:

  • Education – Social engineering targeting personal information is high, which is then used for identity fraud. Highly sensitive research is also at risk, with 20 percent of attacks motivated by espionage. Eleven percent of attacks also have “fun” as the motive rather than financial gain.

  • Financial and insurance – Payment card skimmers installed on ATMs are still big business; however, we’re also now seeing a rise in “ATM jackpotting,” where fraudulently installed software or hardware instructs the ATMs to release large amounts of cash. DDoS attacks are also a threat.

  • Healthcare – This is the only industry where insider threats are greater than threats from the outside. Human error remains a major contributor to healthcare risks.

  • Information – DDoS attacks account for over half (56 percent) of the incidents within this sector.

  • Public sector – Cyber-espionage remains a major concern, with 43 percent of breaches being espionage motivated. However, it is not only state-secrets that are a target - personal data is also at risk.

Sixty-eight percent of breaches took months or longer to discover, even though 87 percent of the breaches examined had data compromised within minutes or less of the attack taking place, which is why Verizon says the time to act is now.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.