If it seems like you’re hearing more about ransomware attacks, it’s not just that more high-profile attacks — like the recent takeover of some city government systems in Atlanta, Ga.– are making the news. Ransomware attacks have increased significantly in the last couple of years, according to Verizon’s 2018 Data Breach Investigations Report.
Dave Hylender, senior risk analyst at Verizon Enterprise and a co-author on the annual DBIR, said that ransomware “is really kind of growing immensely, and it’s also incredibly widespread. I don’t think there’s a single industry vertical that we look at, that is not affected by ransomware in some way.”
Hylender said that ransomware incidents were a very small part of the data just a few years ago, calling it “barely a blip on the radar” that has since emerged as a significant attack vector.
“Ransomware was first mentioned in the 2013 DBIR and we referenced that these schemes could ‘blossom as an effective tool of choice for online criminals,'” the DBIR noted. “And blossom they did! Now we have seen this style of malware overtake all others to be the most prevalent variety of malicious code for this year’s dataset.”
Verizon’s data in this 11th year of its DBIR report reflected more than 53,000 security incidents — in which information is compromised but not necessarily breached — and 2,216 confirmed data breaches. However, Verizon noted that it did exclude from that data set, incidents where botnets targeted businesses’ customers and infected their personal devices with malware to capture log-in information. That figure was more than 43,000 successful accesses with stolen credentials, Verizon said, and would have drowned out all other trends in its data, so it examined that data separately within the report.
Other trends included:
-73% of breaches were perpetrated by people outside an organization, and 50% were backed by organized crime.
-58% of victims were small businesses. As a vertical, healthcare accounted for the most attacks, suffering 24% of data breaches.
-Nearly half of breaches — 48% — involved hacking as the method of attack, with another 30% of attacks featuring malware. Verizon found that 17% of attacks were “social attacks” in which employees were the targets of phishing or pretexting.
Financial pretexting has increasingly taken “a very particular route” in target human resources professionals, Hylender said. An attacker will target an HR employee by stealing or spoofing the credentials of a C-level executive such as a chief financial officer, and then ask for either a direct financial transfer or for employees’ financial information, such as social security numbers or other such information. Hylender said that in such cases, attackers will often take the time to study the executive’s speaking or writing style in order to make the request appear to be authentic.
In general, while most people don’t click on phishing emails, Hylender said, there are about 4% of employees who will — and that those 4% “will almost always be repeat offenders. If they click once, they will click again and again.” If employers can identify that 4% of employees and put protections in place targeted at them, Hylender said, “you go along way toward protecting your data.”
Verizon has always looked at how quickly enterprises discover that they’ve been compromised and respond with mitigation measures — and as in the past, the news there isn’t particularly rosy. The findings this year still reflect that in the majority of data breaches, it took “months or longer” to even discover the breach and then weeks or months before mitigation.
“When breaches are successful, the time to compromise continues to be very short,” according to the report. “While we cannot determine how much time is spent in intelligence gathering or other adversary preparations, the time from first action in an event chain to initial compromise of an asset is most often measured in seconds or minutes. The discovery time is likelier to be weeks or months.”
“That’s sort of a depressing trend that we really have to reverse,” Hylender said.
Image copyright: bluebay / 123RF Stock Photo