Ransomware attacks are a key cybersecurity threat, warns Verizon’s 2018 Data Breach Investigations Report (DBIR). Ransomware is the most common type of malware, found in 39 per cent of malware-related data breaches – double that of last year’s DBIR – and accounts for over 700 incidents. What’s more, Verizon’s analysis shows that attacks are now moving into business-critical systems, encrypting file servers or databases, inflicting more damage and commanding bigger ransom requests.
DBIR also flags a shift in how social attacks, such as financial pretexting and phishing, are used. Attacks such as these, which continue to infiltrate organisations via employees, are now increasingly a departmental issue. Analysis shows that Human Resource (HR) departments across multiple verticals are now being targeted in a bid to extract employee wage and tax data, so criminals can commit tax fraud and divert tax rebates.
George Fischer, president of Verizon Enterprise Solutions, says: “Businesses find it difficult to keep abreast of the threat landscape, and continue to put themselves at risk by not adopting dynamic and proactive security strategies. Verizon gives businesses data-driven, real-life views on the cyber-threat landscape, not only through the DBIR series but also via our comprehensive range of intelligent security solutions and services. This 11th edition of the DBIR gives in-depth information and analysis on what’s really going on in cybercrime, helping organizations to make intelligent decisions on how best to protect themselves.”
DBIR findings include:
Ransomware is the most prevalent variety of malicious software: It was found in 39 percent of malware-related cases examined this year, moving up from fourth place in the 2017 DBIR (and 22nd in 2014). Most importantly, based on Verizon’s dataset it has started to impact business-critical systems rather than just desktops. This is leading to bigger ransom demands, making the life of a cybercriminal more profitable with less work.
The human factor continues to be a key weakness: Employees are still falling victim to social attacks. Financial pretexting and phishing represent 98 percent of social incidents and 93 percent of all breaches investigated – with email continuing to be the main entry point (96 percent of cases). Companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities, emphasizing the need for ongoing employee cybersecurity education.
Pretexting incidents have increased over five times since the 2017 DBIR, with 170 incidents analyzed this year (compared to just 61 incidents in the 2017 DBIR). Eighty-eight of these incidents specifically targeted HR staff to obtain personal data for the filing of fraudulent tax returns. Phishing attacks cannot be ignored. While on average 78 percent of people did not fail a phishing test last year, 4 percent of people do for any given phishing campaign. A cybercriminal only needs one victim to get access into an organisation.
DDoS attacks can impact anyone and are often used as camouflage, often being started, stopped and restarted to hide other breaches in progress. They are powerful, but also manageable if the correct DDoS mitigation strategy is in place.
Most attackers are outsiders: One breach can have multiple attackers and we found the following: 72 percent of attacks were perpetrated by outsiders, 27 percent involved internal actors, 2 percent involved partners and 2 percent featured multiple partners. Organized crime groups still account for 50 percent of the attacks analyzed.
Bryan Sartin, executive director security professional services, Verizon, says: “Ransomware remains a significant threat for companies of all sizes. It is now the most prevalent form of malware, and its use has increased significantly over recent years. What is interesting to us is that businesses are still not investing in appropriate security strategies to combat ransomware, meaning they end up with no option but to pay the ransom – the cybercriminal is the only winner here! As an industry, we have to help our customers take a more proactive approach to their security. Helping them to understand the threats they face is the first step to putting in place solutions to protect themselves.
“Companies also need to continue to invest in employee education about cybercrime and the detrimental effect a breach can have on brand, reputation and the bottom line. Employees should be a business’s first line of defense, rather than the weakest link in the security chain. Ongoing training and education programs are essential. It only takes one person to click on a phishing email to expose an entire organisation.”
Verizon is exhibiting at RSA 2018 in San Francisco.
Itsik Mantin, director of security research at Imperva said: “The flourishing of ransomware is anything but surprising. In recent years we’ve seen the ransomware economy going through industrialization, allowing attackers to build ransomware campaigns from building blocks they purchase or obtain in darknet forums, with the leading infection vector of 2017 being, with no doubt, EternalBlue, which was used in several ransomware campaigns like WannaCry.
However, with all due respect to the research, I believe the statistics are strongly biased towards noisy attacks and “deprives” other threats like data theft and recruitment of hijacked machines to a variety of purposes including cryptomining and joining a botnet. The majority of the data theft attacks go undetected without the victim knowing he was attacked – a fact that holds for both insider and external data breaches. As opposed to data theft, ransomware is a noisy attack, noticed by the victim in 100% of the cases. Thus, even if from the victim’s perspective ransomware is the most prevalent attack, this victim may not know about the five hidden malwares crawling in his organization, collecting and exfiltrating stolen data, collecting credentials and taking over machines. Maybe a few hundred of his desktops might be mining cryptocurrencies for anonymous accounts, or waiting for a command to join a DDoS attack on a joint target.”
Rashmi Knowles, EMEA Field CTO at RSA Security said: “The use of stolen credentials has been the most successful attack method according to this year’s DBIR, which suggests the biggest struggle for enterprise is still identity and access management. Credentials are available for a pittance on the dark web and provide an easy attack vector for hackers, who know that users rarely change their passwords. This is why two-factor authentication is a must-have for businesses. Passwords by themselves are clearly not a strong enough defence. However, the key is to balance convenience with security, to ensure that users behave securely – for instance, using proximity-based identity solutions that connect to a user’s mobile, or biometrics such as iris and fingerprint scanning, users can easily demonstrate that they are who they say they are without having to jump through too many hoops, while still reducing risk for the business.”
And Tony Pepper, CEO of Egress, said: “For me, the glaring findings in this report are the number of data security incidents that originate from within organisations. In fact, 27 percent of attacks involved internal actors, and simple errors such as sending emails to the wrong person are behind almost one-fifth of breaches, with the healthcare sector singled out as a regular offender in this respect.
“When we think about cyber-attacks, we often consider the threat from outside the organisation, with hackers gaining access to information or malware penetrating networks and files. Of course these issues need to be addressed; however, this report also shows the vast number of incidents caused by organisations’ own staff that can be resolved internally. Organisations need to understand the sensitive data they hold and then quantify the risk their own staff pose to it by, primarily, making mistakes or through oversight. They then need to wrap technology around these users, helping them to make good decisions when doing everyday tasks, such as sharing data by email.”