While the rate of growth of ransomware may have cooled a bit, such attacks are still growing at a hot pace. According to the annual Verizon Data Breach Investigations Report (DBIR), released late last week, ransomware was involved in 71 percent of all malware related cases tracked.
And, when compared to the 2016 DBIR, ransomware attacks are up 50 percent. “In our dataset, ransomware attacks are not counted as breaches because typically we cannot confirm that data confidentiality was violated. However, the US Department of Health and Human Services (HHS) has given guidance that ransomware incidents should be treated as a breach for reporting purposes. This year, ransomware accounts for 72% of malware incidents in the Healthcare industry,” the report stated.
Of course it’s not all about ransomware. The 2017 DBIR also found that Advanced Persistent Threats (APTs) and cyberespionage remain top risks. In fact, 21 percent of breaches during the period covered were linked to nation state groups such as Fancy Bear and Equation Group. The report also stated that targeting phishing attacks are how state-sponsored APTs often initiate attacks.
Manufacturing, perhaps because of the amount of intellectual property at stake, was the hardest business sector that Verizon looked at, comprising 38 percent of phishing attacks. The public sector was a close second, at 34 percent.
“The security industry is not taking the rise in ransomware lying down. Security vendors are working on multiple fronts to: detect ransomware before infections become critical, protect individuals and organizations from criminal campaigns, and help rescue ransomed systems without enriching attackers,” the report stated.
The DBIR is an annual analysis of thousands of security incidents and data breaches. This year the DBIR was based looking at 40,000 incidents and just under 2,000 data breaches. The 2017 DBIR shows that criminals sought to breach manufacturing, the public sector and education the most in this set of breached. The bulk of attacks in the healthcare industry were ransomware attacks.
“While ransomware dates back to 1989, in the past year we have seen more technical and process innovation in ransomware than we have seen since the invention of Bitcoin-enabled anonymous payments. Fueled by the success of early attacks, the number of ransomware incidents increased to 228 in this year’s report from 159 in the 2016 DBIR,” the report stated.
While ransomware attacks are on the rise, the report authors concluded that many organizations still run on out-of-date security defenses and don’t invested enough in security. “In essence, they’re opting to pay a ransom demand rather than to invest in security services that could mitigate against a cyberattack,” they wrote.
Here are the report highlights from the 2017 DBIR:
According Bryan Sartin, executive director, Global Security Services, Verizon Enterprise Solution, attackers still love to exploit weaknesses in people. “Cybercriminals concentrate on four key drivers of human behavior to encourage individuals to disclose information: eagerness, distraction, curiosity and uncertainty. And as our report shows, it is working, with a significant increase in both phishing and pretexting this year,” Sartin said in a news statement announcing the release of the report.
The report confirmed concerns expressed by CISOs at the RSA 2017 security conference in a Bitdefender survey released this week. In that survey, as Luana Pascu reports, APTs ruled attention as a result of the APT28 attacks. “The Kremlin-sponsored hacking group behind the Democratic Party breach scandal, the attacks against NATO or those on French TV network TV5 is now shifting attention towards Europe. Earlier this week the campaign of Emmanuel Macron, favorite to become France's next president, was allegedly targeted by the same cyber espionage group,” Pascu wrote in her post.
Such APT attacks are among the top concerns for CISOs, the Bitdefender report found.
tags
George V. Hulme is an internationally recognized information security and business technology writer. For more than 20 years Hulme has written about business, technology, and IT security topics. From March 2000 through March 2005, as senior editor at InformationWeek magazine, he covered the IT security and homeland security beats. His work has appeared in CSOOnline, ComputerWorld, Network Computing, Government Computer News, Network World, San Francisco Examiner, TechWeb, VARBusiness, and dozens of other technology publications.
View all postsDon’t miss out on exclusive content and exciting announcements!