While the rate of growth of ransomware may have cooled a bit, such attacks are still growing at a hot pace. According to the annual Verizon Data Breach Investigations Report (DBIR), released late last week, ransomware was involved in 71 percent of all malware related cases tracked.
And, when compared to the 2016 DBIR, ransomware attacks are up 50 percent. “In our dataset, ransomware attacks are not counted as breaches because typically we cannot confirm that data confidentiality was violated. However, the US Department of Health and Human Services (HHS) has given guidance that ransomware incidents should be treated as a breach for reporting purposes. This year, ransomware accounts for 72% of malware incidents in the Healthcare industry,” the report stated.
Of course it’s not all about ransomware. The 2017 DBIR also found that Advanced Persistent Threats (APTs) and cyberespionage remain top risks. In fact, 21 percent of breaches during the period covered were linked to nation state groups such as Fancy Bear and Equation Group. The report also stated that targeting phishing attacks are how state-sponsored APTs often initiate attacks.
Manufacturing, perhaps because of the amount of intellectual property at stake, was the hardest business sector that Verizon looked at, comprising 38 percent of phishing attacks. The public sector was a close second, at 34 percent.
“The security industry is not taking the rise in ransomware lying down. Security vendors are working on multiple fronts to: detect ransomware before infections become critical, protect individuals and organizations from criminal campaigns, and help rescue ransomed systems without enriching attackers,” the report stated.
The DBIR is an annual analysis of thousands of security incidents and data breaches. This year the DBIR was based looking at 40,000 incidents and just under 2,000 data breaches. The 2017 DBIR shows that criminals sought to breach manufacturing, the public sector and education the most in this set of breached. The bulk of attacks in the healthcare industry were ransomware attacks.
“While ransomware dates back to 1989, in the past year we have seen more technical and process innovation in ransomware than we have seen since the invention of Bitcoin-enabled anonymous payments. Fueled by the success of early attacks, the number of ransomware incidents increased to 228 in this year’s report from 159 in the 2016 DBIR,” the report stated.
While ransomware attacks are on the rise, the report authors concluded that many organizations still run on out-of-date security defenses and don’t invested enough in security. “In essence, they’re opting to pay a ransom demand rather than to invest in security services that could mitigate against a cyberattack,” they wrote.
Here are the report highlights from the 2017 DBIR:
- Malware is big business: Fifty-one (51) percent of data breaches analyzed involved malware. Ransomware rose to the fifth most common specific malware variety. Ransomware – using technology to extort money from victims - saw a 50 percent increase from last year’s report, and a huge jump from the 2014 DBIR where it ranked 22 in the types of malware used.
- Phishing is still a go-to technique: In the 2016 DBIR, Verizon flagged the growing use of phishing techniques linked to software installation on a user’s device. In this year’s report, 95 percent of phishing attacks follow this process. Forty-three percent of data breaches utilized phishing, and the method is used in both cyber-espionage and financially motivated attacks.
- Pretexting is on the rise: Pretexting is another tactic on the increase, and the 2017 DBIR showed that it is predominantly targeted at financial department employees – the ones who hold the keys to money transfers. Email was the top communication vector, accounting for 88 percent of financial pretexting incidents, with phone communications in second place with just under 10 percent.
- Smaller organizations are also a target: Sixty-one (61) percent of victims analyzed were businesses with fewer than 1,000 employees.
- The top three industries for data breaches are financial services (24 percent); healthcare (15 percent) and the public sector (12 percent).
- Companies in the manufacturing industry are the most common targets for email-based malware.
- Sixty-eight (68) percent of healthcare threat actors are internal to the organization.
According Bryan Sartin, executive director, Global Security Services, Verizon Enterprise Solution, attackers still love to exploit weaknesses in people. “Cybercriminals concentrate on four key drivers of human behavior to encourage individuals to disclose information: eagerness, distraction, curiosity and uncertainty. And as our report shows, it is working, with a significant increase in both phishing and pretexting this year,” Sartin said in a news statement announcing the release of the report.
The report confirmed concerns expressed by CISOs at the RSA 2017 security conference in a Bitdefender survey released this week. In that survey, as Luana Pascu reports, APTs ruled attention as a result of the APT28 attacks. “The Kremlin-sponsored hacking group behind the Democratic Party breach scandal, the attacks against NATO or those on French TV network TV5 is now shifting attention towards Europe. Earlier this week the campaign of Emmanuel Macron, favorite to become France's next president, was allegedly targeted by the same cyber espionage group,” Pascu wrote in her post.
Such APT attacks are among the top concerns for CISOs, the Bitdefender report found.