Despite many sources saying ransomware is in decline, a new report from Verizon has proven the malware is still the most prominent form of malicious software.
Not only that, but it’s also on the rise. Verizon’s 2018 Data Breach Investigations Report (DBIR) found ransomware in 39 percent of malware-related data breaches, which is more than double that of last year’s DBIR and accounts for more than 700 incidents.
The report found that attacks are now moving into business critical systems, encrypting file servers or databases to ultimately inflict more damage command more substantial ransom requests.
Humans continue to be a key weakness within enterprises, with employees still falling victim to social attacks.
Financial pretexting and phishing represent 98 percent of social incidents and 93 percent of all breaches investigated – with email continuing to be the main entry point (96 percent of cases). Companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities, emphasising the need for ongoing employee cybersecurity education.
The report found financial pretexting to be targeting HR specifically after increasing more than five times since the 2017 DBIR, with 88 of these incidents targeting HR staff to obtain personal data for the filing of fraudulent tax returns.
Verizon says a particular concerning statistic from the report is that four percent of people failed a phishing test for any given phishing campaign. This might sound miniscule, but a cybercriminals only needs one victim to get access into an organisation.
“Businesses find it difficult to keep abreast of the threat landscape, and continue to put themselves at risk by not adopting dynamic and proactive security strategies,” says Verizon Enterprise Solutions president George Fischer.
DDoS attacks are rampant and are often used as camouflage to hide other breaches in progress by being started, stopped and restarted.
Verizon found that most breaches were caused by hackers outside of organisations, with 72 percent of attacks perpetrated by outsiders, 27 percent involved internal actors, 2 percent involved partners and 2 percent featured multiple partners. Organised crime groups still account for 50 percent of all the attacks analysed.
“Ransomware remains a significant threat for companies of all sizes,” says Bryan Sartin, executive director security professional services, Verizon. “It is now the most prevalent form of malware, and its use has increased significantly over recent years,” says Verizon security professional services executive director.
“What is interesting to us is that businesses are still not investing in appropriate security strategies to combat ransomware, meaning they end up with no option but to pay the ransom – the cybercriminal is the only winner here! As an industry, we have to help our customers take a more proactive approach to their security.”
The report also analysed the biggest risks per industry, with some of the main industries including:
Education – Social engineering targeting personal information is high, which is then used for identity fraud. Highly sensitive research is also at risk, with 20 percent of attacks motivated by espionage. Eleven percent of attacks also have “fun” as the motive rather than financial gain.
Financial and insurance – Payment card skimmers installed on ATMs are still big business; however, we’re also now seeing a rise in “ATM jackpotting,” where fraudulently installed software or hardware instructs the ATMs to release large amounts of cash. DDoS attacks are also a threat.
Healthcare – This is the only industry where insider threats are greater than threats from the outside. Human error remains a major contributor to healthcare risks.
Information – DDoS attacks account for over half (56 percent) of the incidents within this sector.
Public sector – Cyber-espionage remains a major concern, with 43 percent of breaches being espionage motivated. However, it is not only state-secrets that are a target - personal data is also at risk.
Sixty-eight percent of breaches took months or longer to discover, even though 87 percent of the breaches examined had data compromised within minutes or less of the attack taking place, which is why Verizon says the time to act is now.