Newer security threats like cryptojacking make for splashier stories — and, to be fair, do pose a serious risk. But good old-fashioned ransomware remains the most prevalent variety of malicious software and a major threat to companies of all sizes, according to the latest Verizon data breach report.
Verizon’s 2018 Data Breach Investigations Report found ransomware in 39 percent of malware-related data breaches, double the previous year’s figure, accounting for more than 700 incidents.
Additionally, hackers aren’t just looking to encrypt single user devices. The report found ransomware attacks are now moving into business-critical systems, encrypting file servers or databases. This means they can do more damage and command bigger ransom requests.
Now in its 11th year, Verizon’s report includes data collected between Nov. 1, 2016 and Oct. 31, 2017 from 67 contributing organizations with analysis on more than 53,000 incidents and 2,216 breaches from 65 countries.
Ransomware: Easy and Effective
Ransomware is exploding because it’s easy to deploy and can be very effective, said Gabriel Basset, senior information security data scientist at Verizon and co-author of the report.
“Sometimes we think about the bad guys like a mythical group that does these superhuman things, and in reality they are just like you and me — someone else doing their job and that job is to cause breaches,” he said. “They are looking for the greatest breach with the lowest investment. Ransomware is a really good value proposition for the attacker.”
Financial pretexting and W2 scams are also good value propositions.
The report found financial pretexting increased over five times compared to last year’s report with 170 incidents, compared to 61 in the 2017 report. Eighty-eight of these specifically targeted HR staff to obtain personal data for the filing of fraudulent tax returns.
Still Falling for Phishing
And while on average 78 percent of people did not click on a phishing test, some employees still fall for phishing campaigns. Verizon found 4 percent do click on any given phishing campaign. This is significant because a hacker only needs one victim to get access into an organization.
“If you can get an HR employee to send you the W2 forms for the entire company, you can commit tax fraud on every one of those employees and it only took this one phishing email to do it,” Basset said.
Symantec’s annual cybersecurity report published last month found 71 percent of all targeted attacks in 2017 started with spear phishing.
The good news about 78 percent not falling for the phishing test: companies can focus anti-phishing education efforts on a small group of employees. “There are people who have to open attachments from people they don’t necessarily know, like your legal department or HR, so target those people and find solutions for them,” Basset said.
Organized Criminal Groups
The authors also looked at who the attackers are and found 72 percent of attacks were perpetrated by outsiders, 27 percent involved internal actors, 2 percent involved partners, and 2 percent featured multiple partners. Organized crime groups account for 50 percent of the attacks analyzed, with nation-state or state-affiliated actors involved in 12 percent.
Sixty-eight percent of breaches took months or longer to discover, even though 87 percent of the breaches examined had data compromised within minutes or less of the attack taking place.
“Breaches are four times more likely to be short, and that’s important for an organization because if you’re looking at what you’re going to invest in for mitigation it doesn’t make sense to invest in stopping these very long attacks,” Basset said. “The short paths are what the attackers prefer.”
- Check log files and change management systems, which provide early warning of a breach.
- Train employees to spot the warning signs.
- Give access to systems only to employees who need this access to do their jobs.
- Patch promptly.
- Encrypt sensitive data.
- Use two-factor authentication.
- Don’t forget physical security.
Ransomware chart credit: Verizon’s 2018 Data Breach Investigations Report