Ransomware still seems to be the most prominent malware around, as per a recent study report.
The Verizon Annual Data Breach Investigation Report, released last week, comprises this and some other relevant findings.
This is the eleventh edition of the Verizon Data Breach Investigation Report (DBIR) and this includes data from 67 contributing organizations; the findings are based on analysis done focusing on over 53,000 incidents and 2,216 breaches from 65 different countries.
The DBIR report says that ransomware continues to be the most prevalent malware, with the criminals now planning attacks on business critical systems as well. The report also says that the human factor continues to be a weakness as regards cyber security.
A recent press release from Verizon discusses the Data Breach Investigation Report in detail. The release says- “Ransomware attacks are a key cybersecurity threat for global organizations, warns Verizon’s 2018 Data Breach Investigations Report (DBIR). Ransomware is the most common type of malware, found in 39 percent of malware-related data breaches – double that of last year’s DBIR– and accounts for over 700 incidents. What’s more, Verizon’s analysis shows that attacks are now moving into business critical systems, which encrypt file servers or databases, inflicting more damage and commanding bigger ransom requests.”
The major findings of the report
The major findings of the DBIR for 2018 are as follows:
- Ransomware most prevalent malware- Ransomware, which ranked 22nd in 2014 and 4th in 2017 in the DBIR, has now been found in 39% of the malware-related cases examined this year. It has now started impacting business critical systems and ransomware criminals are now making bigger ransom demands.
- Human factor continues to be a weakness- Employees all over are still falling victim to social engineering attacks. Of all social incidents that were investigated, financial pretexting and phishing represent 98 percent; they form 93 percent of all breaches investigated. The main entry point for such attacks is still the email (for 96 percent of cases). Companies today are more prone to social attacks than attacks exploiting actual vulnerabilities.
- Financial pretexting targeting HR- Compared to the 2017 DBIR, financial pretexting incidents have increased over five times. Of the 170 incidents analyzed, 88 specifically targeted HR staff seeking to obtain personal data for the filing of file fraudulent tax returns.
- DDoS attacks are there everywhere: DDoS (Distributed Denial of Service) attacks are there everywhere and almost anyone can be hit by a DDoS attack. DDoS attacks are often used as camouflage, to hide other breaches that are in progress; for this purpose, they get started, stopped and restarted quite often.
- Phishing attacks still happen: Though a majority of respondents got through phishing tests, there was a minority, 4 percent of them, who could fall victim to any phishing campaign. It’s to be remembered that hackers need just one victim for a phishing attack, to gain access to an enterprise network.
- Attackers are mostly outsiders: Of all the attacks analyzed, 72% were executed by outsiders, 50 percent of the attacks analyzed were executed by organized crime groups.
The industries and the risks involved…
The DBIR also discusses the biggest threats faced by individual industries. The focus is on the education sector, the finance and insurance industry, the healthcare industry, the information sector and the public sector.
About the major threats that the education sector faces, the Verizon press release says, “Social engineering targeting personal information is high, which is then used for identity fraud. Highly sensitive research is also at risk, with 20 percent of attacks motivated by espionage. Eleven percent of attacks also have “fun” as the motive rather than financial gain.”
The press release also makes this observation regarding threats that the financial and insurance sector faces- “Payment card skimmers installed on ATMs are still big business; however, we’re also now seeing a rise in “ATM jackpotting,” where fraudulently installed software or hardware instructs the ATMs to release large amounts of cash. DDoS attacks are also a threat.”
In the healthcare industry, it’s insider threats that are more prevalent compared to those from outside. Human errors too play a key role here. DDoS attacks contribute to 56 percent of incidents reported from the information industry while with the public sector, it’s cyber-espionage that’s the major concern. 43 percent of attacks are espionage-motivated attacks and these target state secrets as well as personal data.
The DBIR also discusses the threats faced by other industries, including accommodation and food services; manufacturing and retail; professional, technical and scientific services.
Proactive steps needed
The Data Breach Investigation Report also discusses the proactive steps that need to be taken to keep any organization safe. The Verizon press release says- “Sixty-eight percent of breaches took months or longer to discover, even though 87 percent of the breaches examined had data compromised within minutes or less of the attack taking place. While safety cannot be guaranteed, proactive steps can be taken to help keep organizations from being victims.”
The steps that need to be taken include being vigilant, making people the first line of defense, limiting access to information to employees who need it to do their job, prompt patching, encrypting sensitive data, using two-factor authentication and ensuring physical security as well.