Verizon Releases “2018 Data Breach Investigations Report”: Ransomware Has Become the Most PrevalentMalware
According to threatpost reports, U.S. telecommunications giant Verizon said in its 2018 Data Leakage Investigation Report (DBIR) on Tuesday that the number of ransomware attacks has doubled in the past year and become the most popular malware. It’s because hacking organizations want to pay ransoms by locking down key business systems and thus gain huge benefits.
Bryan Sartin, Verizon Executive Director of Security Professional Services, said in a statement: “[Ransomware] is now the most prevalent form of malware, and its use has increased significantly over recent years. What is interesting to us is that businesses are still not investing in appropriate security strategies to combat ransomware, meaning they end up with no option but to pay the ransom – the cybercriminal is the only winner here.”
After analyzing more than 53,000 security incidents (including 2,215 violations), Verizon said that ransomware attacks represent 39% of specific malware incidents.
One of the trends in the promotion of ransomware attacks is the ability to target critical business systems (non-desktops) that may cause more damage to the company, and it is likely that hacking organizations will attempt to use it as a target of extortion to gain more benefits. Over time, asset classes in ransomware incidents have moved from user devices to servers. Verizon says this is because hackers realize that encrypting file servers or databases is more destructive than a single user’s device.
Verizon said that horizontal movements and other threat activities are often involved in other systems that can be used for infection and occlusion. These ransomware attacks are attractive to hacking organizations because hackers themselves barely need to bear any risks or costs, and they also do not need to breach confidentiality terms to achieve their goals.
Verizon stated in his report that many hackers currently consider money as their top priority. According to the survey, 76% of all violations are financially motivated.
For example, the most prominent examples of ransomware in 2017 were the WannaCry and NotPetya attacks in May. WannaCry ransomware infects more than 300,000 systems in 150 countries and requires a $300 ransom to decrypt the key. At the same time, NotPetya encrypted the master boot record and requested Bitcoin as the main form of the ransom payment.
In October, BadRabbit, another ransomware activity, shook the security industry. This event-related to Russia’s Telebots was launched using malware on websites in Russia, Ukraine, and Eastern Europe. In this incident, the attackers aimed at the infrastructure (not just the desktop system) and caused great damage, of which Ukraine suffered the greatest damage to key network assets and infrastructure.
Recently, in March 2018, the city of Atlanta became the target of ransomware attacks. The incident affected several departments and smashed government websites that process payments and pass on court information. Subsequently, Atlanta City was asked to pay $51,000 in exchange for a key to decrypt the system.
To mitigate the possibility of ransomware attacks, Verizon recommends in its report that users should ensure that they have regular backups, segregate those assets that are important, and prioritize business continuity.
Verizon found that, overall, hackers, malware, and social attacks (such as phishing) were the top security breaches in the past year.
In addition, Distributed Denial of Service (DDoS) attacks is another major threat highlighted by the Verizon 2018 report. Verizon said: “DDoS attacks can impact anyone and are often used as camouflage, often being started, stopped and restarted to hide other breaches in progress.”
Currently, most cybercriminals are economically motivated. Therefore, it is not surprising that they attacked the financial, insurance, and retail industries. Sean Newman, director of product management at Corero Network Security, believes that DDoS technology that detects and automatically mitigates attacks in real time is an essential requirement for online companies that want 100% uptime.
Source: threatpost
