Cyberattacks involving extortion are on the rise, report says
Cyberattacks involving ransomware — in which criminals use malicious software to encrypt a user’s data and extort money to unencrypt it — increased 50 per cent in 2016, according to a report from Verizon.
Criminals increasingly shifted from going after individual consumers to attacking vulnerable organizations and businesses, the report said. Government organizations were the most frequent target, followed by health-care and financial services businesses, according to data from security company McAfee, which partnered with Verizon on the report published Thursday.
Instances of ransomware attacks have grown along with the market for bitcoin, the digital currency that’s the most common way cybercriminals demand ransoms be paid because of its anonymity.
While overall most malware was delivered through infected websites, increasingly criminals were turning to phishing — using fraudulent emails designed to get a user to download attachments or click on links to websites infected with malware — to carry out attacks. A fifth of all malware raids began with a phishing email in 2016, while fewer than one in 10 did the year before, according to the report.
“These emails are often targeted at specific job functions, such as HR and accounting — whose employees are most likely to open attachments or click on links — or even specific individuals,” the report said.
Where in the past most ransomware simply encrypted the data on the device where it was first opened, Verizon security researcher Marc Spitler said criminal gangs are using more sophisticated hacking techniques, seeking out business critical systems and encrypting entire data servers.
“There is increased sophisticated surveillance and targeting of organizations to maximize profit,” he said in an interview.
Criminal gangs were behind the majority of all cybersecurity breaches last year, Verizon said, with financial services firms the most common victims, accounting for about a quarter of all attacks.
But espionage — by foreign governments or unknown entities — was on the rise, accounting for 21 per cent of all breaches in 2016 up from less than 10 per cent in 2010. Besides governments, manufacturing firms were the most likely to be targeted in espionage-motivated attacks. There’s also been a surge in espionage-related breaches targeting educational institutions, spiking from almost none in 2012 to more than 20 per cent last year, the report said.