Ransomware attacks are moving away from the consumer space and into business-critical systems, encrypting entire databases and servers, commanding bigger ransom requests and inflicting more damage than ever, according to an analysis of data from 67 organizations.
Verizon’s 2018 Data Breach Investigations Report (DBIR), in its 11th edition, offers an analysis of the ransomware phenomenon based on more than 53,000 incidents and 2,216 breaches from 65 countries.
Ransomware was the most prevalent variety of malicious software, identified in 39% of malware-related cases examined in 2018, up from fourth place in the 2017 and 22nd in 2014.
“Most importantly, based on Verizon’s dataset [ransomware] has started to impact business critical systems rather than just desktops. This is leading to bigger ransom demands, making the life of a cybercriminal more profitable with less work,” reads the report (emphasis ours).
The human factor
As revealed by other studies, the human factor was found to be a key weakness, with employees falling victim to social engineering like financial pretexting and phishing (98% of social incidents and 93% of all breaches investigated, respectively).
Email remains the main entry point, reported in 96% of the cases. A business is three times more likely to fall victim to a social engineering attack than through a vulnerability in its systems, the data showed.
Financial pretexting was found to mostly target human resources departments, where incidents have increased five-fold since last year. Of 170 incidents reported, 88 specifically targeted HR staff “to obtain personal data for the filing of file fraudulent tax returns.”
On average 78% of people did not fail a phishing test last year, which may sound encouraging but, in fact, it is not. This is because 4% of people do fall for any given phishing campaign, and cybercriminals typically only need one unwary victim to gain access to an organization’s data.
DDoS attacks and internal actors
Distributed Denial of Service, or DDoS for short, is a form of attack that directs massive amounts of data to a system, causing it to “collapse” under the sheer weight of the information it has to process. While some attacks are obvious in their intention, others are used as camouflage for a bigger operation.
“DDoS attacks can impact anyone and are often used as camouflage, often being started, stopped and restarted to hide other breaches in progress. They are powerful, but also manageable if the correct DDoS mitigation strategy is in place,” according to the analysis.
Unsurprisingly, Verizon also found that most attackers are outsiders (72%), and a single breach typically has multiple attackers. However, the analysis also attributed as many as 27% of attacks to internal actors. Some 4% involved partners. Organized crime is still very present in 2018, accounting for half of the attacks analyzed.
Industries at risk
The analysis also includes the industries most exposed to risk, including the education sector, where social engineering targeting personal information was very prevalent, leading to numerous cases of identity fraud.
The financial and insurance sectors are also popular targets, with ATM jackpotting growing more popular recently. In ATM jackpotting, attackers install malware or additional hardware to instruct the ATM to dispense cash. Hackers also target healthcare, information, accommodation and food services, professional, technical and scientific services, manufacturing and retail and, last but not least, the public sector. In other words, bad actors are present in almost every major industry.
There is a general misconception that endpoints are the most exposed to cyber threats, be it ransomware or, more recently, cryptojacking – where attackers seize control of a computer to harness its processing power to generate digital currency like Bitcoin or Monero. However, Bitdefender telemetry shows threat actors are increasingly targeting data centers for fast profits.