The latest data breach report from Verizon is out, and if you’re looking for good news about the cyber security landscape you might be disappointed.
According to the Verizon 2017 Data Breach Investigations Report, cyber espionage and ransomware attacks are on the increase.
Cyber espionage is now the most common type of attack seen in manufacturing, the public sector and education, the report noted.
Much of this is due to the high proliferation of proprietary research, prototypes and confidential personal data, which are high-demand items for cyber criminals, Verizon said.
To create the study, Verizon analyzed data from its own security team and that of 65 leading security practitioners from around the world. This year’s report includes analysis of 42,068 incidents and 1,935 breaches from 84 countries. Of those breaches, more than 300 were related to espionage. Many of the espionage-related breaches began as phishing emails, Verizon said.
Another key trend was organized criminal groups escalating their use of ransomware to extort money from victims. The report said there was a 50% increase in ransomware attacks compared with the previous year.
Despite the rise in ransomware attacks and the related media coverage surrounding the use of ransomware, many organizations continue to rely on out-of-date security solutions and are not investing in security precautions against these types of incidents. In effect, the report said, they are opting to pay a ransom demand rather than invest in security products and services that could protect them against such an attack.
Slightly more than half (51%) of data breaches analyzed for the report involved some type of malware. Ransomware rose to the fifth most common specific malware variety. In the 2014 version of the data breach report, ransomware ranked 22nd in the types of malware used.
Another major finding of the study was that phishing is still a go-to technique for attackers. In the 2016 report, Verizon noted the growing use of phishing techniques linked to software installation on users’ devices. In the most recent study, 95% of phishing attacks follow this process. Forty-three percent of data breaches involve phishing, and the method is used for both cyber espionage and financially motivated attacks.
Use of another tactic, pretexting—a type of social engineering in which a criminal attempts to gain personal information from an individual under false pretexts—is also on the rise. The 2017 report showed that it is predominantly aimed at financial department employees at organizations, those who hold the keys to money transfers. Email was the top communication vector, accounting for 88% of financial pretexting incidents. Phone communications were next with just under 10%.
Cyber attacks aimed at “the human factor” are still a major issue, according to Bryan Sartin, executive director, Global Security Services, at Verizon Enterprise Solutions. Cyber criminals concentrate on four key drivers of human behavior to encourage people to disclose information: eagerness, distraction, curiosity and uncertainty. And the Verizon report shows that these efforts are working, with a significant rise in both phishing and pretexting incidents during the year.
Some sectors are hit harder than others when it comes to cyber attacks. The top three industries for data breaches are financial services (24% of total breaches), healthcare (15%) and the public sector (12%).
Companies in the manufacturing industry are the most common targets of email-based malware, and 68% of healthcare threat actors are internal to the organization, according to the report. The cyber crime data for each industry varies dramatically, Sartin said.
With a huge majority (81%) of hacking-related breaches leveraging either stolen passwords or weak or guessable passwords, “getting the basics right” is as important as ever, Verizon said. The report makes several recommendations for organizations and individuals.
These include staying vigilant and using log files and change management systems to provide an early warning of a breach; making people the first line of defense by training staff to identify warning signs of an attack; keeping data on a “need to know” basis, with only employees that need access to systems to do their jobs having such access; patching promptly to guard against many types of attacks; encrypting sensitive data to make sure data is essentially useless if it is stolen; using two-factor authentication, to limit the damage that can be done with lost or stolen credentials; and providing physical security to protect data.
“Our report demonstrates that there is no such thing as an impenetrable system,” Sartin noted. “But doing the basics well makes a real difference. Often, even a basic defense will deter cyber criminals who will move on to look for an easier target.”
To protect your business against WannaCry and other similar ransomware waves, all of Bitdefender’s endpoint security solutions are able to prevent the infection of our customers, thanks to their effective machine-learning based detection.
To further enhance protection against similar attack waves, you can completely seal your infrastructure against zero-days or unpatched vulnerabilities, by employing Hypervisor Introspection to protect your virtual workloads.
Author: Bogdan Botezatu
Bogdan Botezatu has spent the past 10 years as a Senior E-threat Analyst at Bitdefender. His areas of expertise include malware deobfuscation, detection, removal and prevention. Bogdan is the author of A History of Malware and Botnets 101. Before joining Bitdefender, he worked at one of Romania’s largest and oldest universities as a network administrator in charge of SecOps and policies.