Ransomware takes malware mantle in Verizon data breach investigations report

Ransomware has become the most popular form of malware in data security breaches, according to the 2018 Verizon Data Breach Investigation Report.

The report is based on 53,308 security incidents, 2,216 data breaches, and 67 contributors globally. Ransomware started to appear in 2013 and has become the top variety of malicious software and found in 39 percent of cases where malware was identified.

In addition, attacks are moving to more business critical systems that encrypt file servers and databases. Meanwhile, ransom demands are increasing.

Read also: Ransomware: An executive guide to one of the biggest menaces on the web | Ransomware: Get ready for the next wave of destructive cyberattacks | Ransomware: Why the crooks are ditching bitcoin and where they are going next | A Winning Strategy for Cybersecurity

"Ransomware has been on the upswing the last few years and continues to become more ubiquitous," said Dave Hylender, senior risk analyst at Verizon Business. In 2018, ransomware was twice as likely to be seen than any other malware. The reported noted:

Why has ransomware become so commonplace? Because it's easy to deploy and can be very effective--you don't have to be a master criminal; off-the-shelf toolkits allow any amateur to create and deploy ransomware in a matter of minutes. There's little risk or cost involved and there's no need to monetize stolen data.

Another key theme to note is that attacks that use social engineering have become more targeted. For instance, social engineering was behind a series of attacks used to grab W2 data from human resources department. Hylender said that targeted social engineering based attacks are evolving as mass phishing expeditions have retreated. "Attacks are becoming more creative and aiming at very specific targets," said Hylender.

Verizon's DBIR report is likely to include attacks on its own infrastructure, but the data is anonymized and aggregated.

Tech Pro Research security policies: Cybersecurity strategy research: Common tactics, issues with implementation, and effectiveness | Password management policy | Information security policy | IT physical security policy | IT leader's guide to cyberattack recovery | EU General Data Protection Regulation (GDPR) compliance checklist

Other key data points include:

• 73 percent of cyberattacks were perpetuated by outsiders. Organized criminal groups were behind half of all breaches with nation states or state-affiliated actors involved in 12 percent.
• 28 percent of attacks involved insiders. Insider errors were at the heart of 17 percent of breaches.
• 4 percent will click on any given phishing campaign.
• Financial pretexting and phishing account for 98 percent of social incidents and 93 percent of all breaches investigating. Email remains the most likely entry point. HR is the primary target.

• 93 percent of accommodation breaches were related to payments. Point of sale attacks dominate the accommodation and restaurant industries.
• 11 percent of attacks in education have "fun" as their primary motive.
• Healthcare is the only industry where insider threats are more dangerous than outsiders. Human error is a major contributor.
• 86 percent of manufacturing attacks are targeted and 47 percent of breaches involved the theft of intellectual property.
• 68 percent of breaches took months or longer to discover.

Related stories

• Cybersecurity: How to devise a winning strategy
• Free PDF download: A Winning Strategy for Cybersecurity
• Research: Employee compliance is the main challenge to implementing cybersecurity strategy
• Improve your cybersecurity strategy: Do these 2 things
• 10 ways to develop cybersecurity policies and best practices
• Electronic communication: What needs to be in a good policy
• Data storage and access policies: Here's what you need to think about
• How to write a good security policy for BYOD or company-owned mobile devices

Cybersecurity in an IoT and Mobile World

• What is the Internet of Things? Everything you need to know about the IoT right now
• Cybersecurity in an IoT and mobile world: The key trends
• Free PDF download: Cybersecurity in an IoT and mobile world
• Infographic: Almost half of companies say cybersecurity readiness has improved in the past year
• Cyberweapons are now in play: From US sabotage of a North Korean missile test to hacked emergency sirens in Dallas
• Five nightmarish attacks that show the risks of IoT security
• Ten best practices for securing the Internet of Things in your organization
• Five pitfalls to avoid in mobile and IoT security

Cyberwar and the Future of Cybersecurity

• Locky ransomware: Why this menace keeps coming back
• Encryption: In the battle between maths and politics there is only one winner
• Expanded state hacking powers make a stealthy return to German agenda
• Ransomware attack: How a nuisance became a global threat
• Ransomware attack: The clean-up continues after WannaCry chaos
• Congress introduces bill to stop US from stockpiling cyber-weapons
• Cybercrime and cyberwar: A spotter's guide to the groups that are out to get you
• Research: Companies see mobile devices as big cybersecurity threat