Ransomware takes malware mantle in Verizon Data Breach Investigation Report

April 11, 2018

Ransomware has become the most popular form of malware in data security breaches, according to the 2018 Verizon Data Breach Investigation Report.

The report is based on 53,308 security incidents, 2,216 data breaches, and 67 contributors globally. Ransomware started to appear in 2013 and has become the top variety of malicious software and found in 39% of cases where malware was identified.

In addition, attacks are moving to more business critical systems that encrypt file servers and databases. Meanwhile, ransom demands are increasing.

“Ransomware has been on the upswing the last few years and continues to become more ubiquitous,” said Dave Hylender, senior risk analyst at Verizon Business. In 2018, ransomware was twice as likely to be seen than any other malware.

The reported noted: “Why has ransomware become so commonplace? Because it’s easy to deploy and can be very effective—you don’t have to be a master criminal; off-the-shelf toolkits allow any amateur to create and deploy ransomware in a matter of minutes. There’s little risk or cost involved and there’s no need to monetize stolen data.”

Another key theme to note is that attacks that use social engineering have become more targeted. For instance, social engineering was behind a series of attacks used to grab W2 data from human resources department. Hylender said that targeted social engineering based attacks are evolving as mass phishing expeditions have retreated. “Attacks are becoming more creative and aiming at very specific targets,” said Hylender.

Other key data points include:

  • 73% of cyberattacks were perpetuated by outsiders. Organized criminal groups were behind half of all breaches with nation states or state-affiliated actors involved in 12%.
  • 28% of attacks involved insiders. Insider errors were at the heart of 17% of breaches.
  • 4% will click on any given phishing campaign.
  • Financial pretexting and phishing account for 98% of social incidents and 93% of all breaches investigating. Email remains the most likely entry point. HR is the primary target.
  • 93% of accommodation breaches were related to payments. Point of sale attacks dominate the accommodation and restaurant industries.
  • 11% of attacks in education have “fun” as their primary motive.
  • Healthcare is the only industry where insider threats are more dangerous than outsiders. Human error is a major contributor.
  • 86% of manufacturing attacks are targeted and 47% of breaches involved the theft of intellectual property.
  • 68% of breaches took months or longer to discover.

ZDNet has the full story