April 12, 2018
A study suggests that ransomware has become the most common type of malware used in cyber-attacks.
The annual Verizon data breach investigations report suggests that nearly 40% of all fruitful malware-based attacks involved ransomware.
The kinds of systems undermined were changing also, it found, with offenders attempting to hit databases not only PCs.
It also showed companies had substantial success in coping with some kinds of cyber-attacks.
They had specific success in coping with attempts to knock web servers offline and identifying phishing electronic mails,
“Ransomware breaches doubled up last year and might double up again this year,” stated Gabe Bassett, senior information safety scientist at Verizon who assisted gather as well as write the report.
As soon as ransomware contaminates a machine it encodes data until a payment, typically in the shape of a popular cryptocurrency, is made.
Mr. Bassett stated ransomware was popular since it let cyber-thieves swiftly cash in on the safety mistakes made by companies both small and large.
Desktop machines were most likely to be undermined by ransomware, found the report, however, attackers had begun turning their attention to more important business systems.
“We are seeing more and more databases attacked as attackers find these systems online and encode them,” stated Mr. Bassett, adding that the numbers of these type of attacks trebled last year.
He said these were appealing targets since businesses were more likely to pay a high ransom to unlock the business-critical data.
Chief executive at Security Company, SonicWall, Bill Conner stated the high-profile NotPetya and WannaCry ransomware attacks in 2017 were behind the increasing popularity of the category. And, he added, it was now beginning to hit a very “target rich” sector.
“Ransomware is really the first time that small and medium businesses have been targeted,” he said. “However, they are least prepared since they have the least money and they can’t go out and employ cyber-experts.”
Ransomware was only one normal attack among several in the collection of cyber-thieves, said Mr. Bassett.
Other widespread attacks contain:
- using stolen identifications to access company networks
- phishing electronic mails that appear like they come from reliable financial organizations
- hateful hackers posturing as senior staff who attempt to push through payments to bogus dealers
In spite of the persistent wave of attacks, the report also found that businesses were relishing success when fighting off some cyber-threats, said Mr. Bassett.
Companies were now much less likely to fall prey to phishing and so-called Distributed Denial of Service (DDoS) attacks. DDoS involves overwhelming a server with traffic so it becomes unresponsive or collapses.
“We know how to cope with DDoS,” said Mr. Bassett. “We have defenses against them and they work.” Statistics in the report indicate server idle time caused by DDoS often just lasts a few minutes.
Additionally, he said, many businesses had got better at coping with phishing by isolating the machines of those staff who were most likely to click on a hateful link or document.
And, added Mr. Bassett, while cyber-attackers place billions of hateful files on the net every year, the number that got through to companies was often fairly small.
Generally, found the Verizon survey, companies received around seven pieces of malware a day.
“That’s a threat we can cope with,” said Mr. Bassett. “The truth is that there is a lot that we can do. We can take some simple measures and make it much tougher for attackers.”