Story image

Cisco report reveals ransomware attacks on the rise: Expert commentary

03 Aug 2016

The Cisco 2016 Midyear Cybersecurity Report (MCR) was recently released, with some startling findings – organisations are unprepared for future strains of more sophisticated ransomware.

According to the report, the main contributing factors are fragile infrastructure, poor network hygiene and slow detection rates, which are all providing ample time air cover for cybercriminals to operate. The biggest challenge facing businesses is the struggle to constrain the operational space of attackers, which is threatening the underlying foundation required for digital transformation.

Other key findings include cybercriminals expanding their focus to server-side attacks, ever-changing and evolving methods of attack and the increasing use of encryption to mask activity. What’s more, thus far in 2016 ransomware has become the most profitable malware type in history. Perhaps one of the more concerning revelations is that visibility across the network and endpoints remains a challenge, as on average, organisations take up to 200 days to identify new threats.

Webroot Director of Threat Research, David Kennerly says ransomware is undoubtedly one of the biggest threats facing organisations today. He quotes statistics from the Webroot 2016 Threat Brief, which reveal that 97 percent of malware is morphs to become unique to a specific endpoint.

“Part of the problem is the rate at which polymorphic malware is developing, resulting in thousands of new strands each month,” Kennerly says.” Unfortunately, protecting against ransomware is currently a question of economics. It is often cheaper to pay the ransom to get the data back than the costs of regular back-ups and running the technologies to defend.”

So what can we do?

Recently, the NASCAR team Circle Sport-Leavine Family Racing(CSLFR) were the victims of a ransomware attack and they ended up paying (via Bitcoin) to get their data back.

Kennerly says no matter how tempting it may be, companies should never concede to the criminal and pay the ransom, as it not only fuels the ransomware economy but there is also no guarantee that the data will be returned.

“There have been instances of malware claiming to encrypt the data, but instead it has been deleted so paying the ransom still did not result in the data’s return. Ransomware is a very real threat and organisations and individuals need to ensure that firstly, adequate defences are in place, and secondly, valuable data is backed up so systems can be restored if need be,” Kennerly concludes.

Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
SIS announces a partnership with Platform 4
“We are looking forward to a strong future in the New Zealand security industry with this global giant as our strategic partner."
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
Developing APAC countries most vulnerable to malware - Microsoft
“As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
Kiwis know security is important, but they're not doing much about it
Only 49% of respondents use antivirus software and even fewer – just 19% -  change their passwords regularly.