Data is more valuable to cyber attackers than cash - report
Positive Technologies (PT) has today released a report, revealing a shift in motivations for attacks on individuals – data is now more desirable than direct financial gain.
Data theft was the goal of more than half of all attacks in 2019, according to PT. This is a 20 percentage point increase compared to 2018 when data theft was the goal of only 30% of incidents.
Data theft was also the biggest driver for attacks on both individuals (57%) and organizations (60%) in 2019.
Personal data, login credentials and credit card details were more valuable to attackers in 2019 than direct acquirement of cash, indicating the strength of the black market trading in data.
The report also reveals that the percentage of targeted attacks is much greater than that of mass attacks.
According to the study, the number of unique cyberattacks increased by 19% year-on-year, and the percentage of targeted attacks increased by 5 percentage points compared to 2018, now standing at 60%.
PT experts noted that the number of attacks increased every quarter. In Q1, 47% of attacks were targeted. At the end of the year, this figure had grown to 67%.
“The increase in targeted attacks is due to several reasons,” says Positive Technologies director of Expert Security Center Alexey Novikov.
“Every year we see new groups of attackers specialising in advanced persistent threats. During 2019, the PT ESC tracked APT attacks by 27 groups, ranging from well-known groups, such as Cobalt, Silence, and APT28, to relatively unknown newcomers.
“Companies are paying closer attention to cybersecurity, and implementing and using special security tools (such as anti-APT solutions) to detect and prevent complex attacks.
“This makes it easier to detect malicious activity more accurately and significantly reduces dwell time,” says Novikov.
“Because of this, information on individual incidents and particular tactics and tools used by different APT groups becomes public knowledge and can be used as intelligence to bolster countermeasures.”
Security teams should shift their attention from prevention of attacks in the perimeter to timely detection and response inside the network, says PT.
Considering the increase of targeted attacks, threat actors are constantly evolving their tactics, and malware is becoming more complex. Bearing this is mind, PT experts predict that in the next few years, security will be centred around constant monitoring of security incidents, advanced network traffic analysis, and retrospective network events analysis.
Top targeted sectors were government, industrial, healthcare, science and education, and finance, according to the report.
Industrial companies accounted for 10% of attack targets, compared to just 4% in 2018.
In 2019, ransomware accounted for 31% of all infections, and the average ransom paid numbered in the hundreds of thousands of dollars.
2019 also saw a shift in tactics used by ransomware perpetrators: if a ransomware victim refused to pay, malware operators threatened to disclose the data they copied before encrypting it.
PT says it expects a new wave of ransomware attacks in 2020, in which hackers hold victim data hostage and disclose information of those who refuse to pay.