Ransomware attacks have doubled since last year and become a key cybersecurity threat for organisations globally, warns Verizon’s 2018 Data Breach Investigations Report.
Ransomware locks computers or encrypts files and demands money from victims to regain access to their devices or data. Ransomware grabbed headlines last year and became the favourite attack methodology used against businesses.
Just weeks after the WannaCry ransomware virus caused chaos across the globe in May, some of the world’s largest companies were hit by Petya, a second huge cyber attack. This hit the Ukrainian central bank and other government departments, and brought Kiev airport and the metro network to a standstill, before quickly spreading to at least 60 other countries.
“Ransomware remains a significant threat for companies of all sizes,” says Bryan Sartin, executive director, security professional services, Verizon. “It is now the most prevalent form of malware, and its use has increased significantly over recent years.”
Ransomware was found in 39 percent of malware-related cases in this year’s Verizon report, up from twenty-second place in 2014. It has started to impact business critical systems rather than just desktops. This is leading to bigger ransom demands, making the life of a cybercriminal more profitable.
Ever-more powerful distributed denial of service (DDoS) attacks are emerging. These overwhelm specific IP addresses or web services with fake traffic to knock them offline. The botnets behind such attacks, robot networks of compromised computers, are growing in strength by targeting internet of things (IoT) devices.
DDoS attacks are often used as camouflage or to create a distraction to hide other breaches in progress. In addition to corporate targets, the Austrian parliament and more than a hundred government servers in Luxembourg were affected by DDoS attacks last year. However, banks and financial services companies remain the most attractive DDoS targets. Attacks are capable of causing such serious material and reputational damage that many organisations choose to pay ransom demands to prevent them.
THE HUMAN FACTOR
The human factor continues to be a key weakness, says Verizon. Employees are still falling victim to social attacks. Financial ‘pretexting’ and phishing represent 98 percent of social incidents and 93 percent of all breaches investigated.
Pretexting is old-fashioned confidence trickery transferred online. The two most popular scenarios target employees in either finance or human resources. Finance employees receive fake invoices or e-mails purporting to be from the CEO or CFO asking them to transfer money to accounts that are controlled by criminals. HR employees are tricked into giving up salary and personal data, which criminals use to file fraudulent tax returns.
E-mail continues to be the main entry point. Organisations are nearly three times more likely to be breached by social attacks than via actual vulnerabilities. This proves that it is easier to hack a human than a network or application. It also emphasises the need for ongoing employee cybersecurity education.
“Employees should be a business’ first line of defence, rather than the weakest link in the security chain,” says Sartin. “Ongoing training and education programmes are essential. It only takes one person to click on a phishing e-mail to expose an entire organisation.”
COUNTERING THE THREATS
Banking Trojan botnets and DDoS attacks are by far the most common attacks in the financial and insurance sectors. Payment card skimmers installed on ATMs are still big business for criminals. ‘ATM jackpotting’, where fraudulently installed software or hardware instructs ATMs to dispense large amounts of cash, has also proved lucrative.
Organisations can take a number of proactive steps to avoid falling victim to cybercrime. These are not necessarily different from year to year. Yet with 68 percent of breaches taking months or longer to discover, they are clearly not being implemented effectively in all cases. Organisations are advised to stay vigilant and to check log files for early warnings of potential breaches.
Training staff to spot telltale signs of cyber attacks is critical. So is keeping data on a ‘need to know’ basis: only staff who need access to systems to do their jobs should have it. Patch promptly, encrypt data and use two-factor authentication. Finally, do not forget physical security, as not all data incidents and breaches happen online.
The Verizon 2018 Data Breach Investigations Report includes analysis on 53,000 incidents and 2,216 breaches from 65 countries.