Ransomware takes malware mantle in Verizon data breach investigations report

Ransomware fares well in Verizon's 2018 data breach recap and cybercriminals are becoming more targeted and taking aim at human resources in many cases.

Ransomware: The new cost of doing business Ransomware -- the most high-profile tool in the cybercriminal arsenal -- is on the rise in attacks against businesses. Read more: https://zd.net/2HbzH7C

Ransomware has become the most popular form of malware in data security breaches, according to the 2018 Verizon Data Breach Investigation Report.

The report is based on 53,308 security incidents, 2,216 data breaches, and 67 contributors globally. Ransomware started to appear in 2013 and has become the top variety of malicious software and found in 39 percent of cases where malware was identified.

In addition, attacks are moving to more business critical systems that encrypt file servers and databases. Meanwhile, ransom demands are increasing.

Read also: Ransomware: An executive guide to one of the biggest menaces on the web | Ransomware: Get ready for the next wave of destructive cyberattacks | Ransomware: Why the crooks are ditching bitcoin and where they are going next | A Winning Strategy for Cybersecurity

"Ransomware has been on the upswing the last few years and continues to become more ubiquitous," said Dave Hylender, senior risk analyst at Verizon Business. In 2018, ransomware was twice as likely to be seen than any other malware. The reported noted:

Why has ransomware become so commonplace? Because it's easy to deploy and can be very effective--you don't have to be a master criminal; off-the-shelf toolkits allow any amateur to create and deploy ransomware in a matter of minutes. There's little risk or cost involved and there's no need to monetize stolen data.

Another key theme to note is that attacks that use social engineering have become more targeted. For instance, social engineering was behind a series of attacks used to grab W2 data from human resources department. Hylender said that targeted social engineering based attacks are evolving as mass phishing expeditions have retreated. "Attacks are becoming more creative and aiming at very specific targets," said Hylender.

dbir-2018-1.png

Credit: Verizon

dbir-2018-2.png


Verizon's DBIR report is likely to include attacks on its own infrastructure, but the data is anonymized and aggregated.

Tech Pro Research security policies: Cybersecurity strategy research: Common tactics, issues with implementation, and effectiveness | Password management policy | Information security policy | IT physical security policy | IT leader's guide to cyberattack recovery | EU General Data Protection Regulation (GDPR) compliance checklist

Other key data points include:

  • 73 percent of cyberattacks were perpetuated by outsiders. Organized criminal groups were behind half of all breaches with nation states or state-affiliated actors involved in 12 percent.
  • 28 percent of attacks involved insiders. Insider errors were at the heart of 17 percent of breaches.
  • 4 percent will click on any given phishing campaign.
  • Financial pretexting and phishing account for 98 percent of social incidents and 93 percent of all breaches investigating. Email remains the most likely entry point. HR is the primary target.
dbir-2018-3.png
dbir-2018-4.png

  • 93 percent of accommodation breaches were related to payments. Point of sale attacks dominate the accommodation and restaurant industries.
  • 11 percent of attacks in education have "fun" as their primary motive.
  • Healthcare is the only industry where insider threats are more dangerous than outsiders. Human error is a major contributor.
  • 86 percent of manufacturing attacks are targeted and 47 percent of breaches involved the theft of intellectual property.
  • 68 percent of breaches took months or longer to discover.

Related stories

Cybersecurity in an IoT and Mobile World

Cyberwar and the Future of Cybersecurity