That’s the conclusion of at least one cybersecurity services provider. According to Risk Based Security, following year over year increases in the number of publicly reported data breaches, the first three months of 2018 saw a respectable decline. But while the numbers look good, they may reflect a change in criminal targeting and goals and less an indication that cyber-criminals are waving white flags.
According to Risk Based Security’s Q1 2018 Data Breach QuickView Report, the number of breaches disclosed in the first three months of this year declined to 686 compared to 1,444 breaches reported in the same year-ago period.
Still, the number of records exposed were high: more than 1.4 billion.
It seems, for the period, a shift from targeting files for theft to mining cryptocurrencies could explain the turn of events. “The spike in the value of cryptocurrencies that took place in January fueled a rapid expansion into the theft of computing resources, the firm said in this news release.
Bitdefender recently published a Cryptomining infographic available here.
While publicly reported breaches declined, it turned out that most everything else remained in line with expectations. According to the report, the five most common types of data breaches for the start of 2018 were hacking, skimming, inadvertent disclosure on the Internet, phishing and malware.
“Likewise, the vast majority of breaches are still originating from outside the organization, most events are being discovered by external parties, the data types targeted and average number of records compromised showed little variation from 2017,” Risk Based Security found.
The full Risk Based Security report is available to download here.
The fact that organizations are still finding out that they’ve been breached by third-parties, which often include partners, customers, and law enforcement such as the FBI remains an embarrassment. Enterprises should be doing a better job looking for indicators of compromise and understanding when their systems have been breached. Organizations discovering that they’ve been breached by hearing it from outsiders has been a commonality of data breaches going back to the old FBI State of Computer Crime Surveys in the 1990s.
In his post, Ransomware, Digital Currency Miners dominate the threat landscape in 2017, Bitdefender study shows, Bogdan Botezatu wrote that crypto-currency miners took multiple approaches in 2017. “Traditional illicit coin miners have rushed to adopt lateral movement tactics such as the EternalBlue and EternalRomance exploits, allegedly originating from the NSA, to infect computers in organizations and increase mining efforts. Representative of this category is the Monero miner Adylkuzz, which appeared in early May, roughly at the same time as WannaCry. Another notable development is attackers’ move to integrate mining code in compromised web sites to reach a broader audience and increase the mining yield,” he wrote.
Despite the dramatic fall in Bitcoin prices, cryptocurrencies aren’t going anywhere and cryptojacking and cryptomining are here to stay.