Tam­ing Ran­somware

Ran­somware Still a Top Cy­ber Se­cu­rity Threat as per a Ver­i­zon study

Dataquest - - CONTENTS -

Ran­somware at­tacks are a key cy­ber se­cu­rity threat for global or­ga­ni­za­tions, warns Ver­i­zon’s 2018 Data Breach In­ves­ti­ga­tions Re­port (DBIR). It is the most com­mon type of mal­ware, found in 39% of mal­ware-re­lated data breaches – dou­ble that of last year’s DBIR, and ac­counts for over 700 in­ci­dents. What’s more, Ver­i­zon’s anal­y­sis show that at­tacks are now mov­ing into busi­ness crit­i­cal sys­tems, which en­crypt file servers or data­bases, in­flict­ing more dam­age and com­mand­ing big­ger ran­som re­quests.

DBIR anal­y­sis also flags a shift in how so­cial at­tacks, such as fi­nan­cial pre­tex­ting and phish­ing, are used. At­tacks such as these, which con­tinue to in­fil­trate or­ga­ni­za­tions via em­ploy­ees, are now in­creas­ingly a de­part­men­tal is­sue. Anal­y­sis shows that Hu­man Re­source (HR) depart­ments across mul­ti­ple ver­ti­cals are now be­ing tar­geted in a bid to ex­tract employee wage and tax data, so crim­i­nals can com­mit tax fraud and di­vert tax re­bates.

“Busi­nesses find it dif­fi­cult to keep abreast of the threat land­scape, and con­tinue to put them­selves at risk by not

adopt­ing dy­namic and proac­tive se­cu­rity strate­gies,” says Ge­orge Fis­cher, pres­i­dent of Ver­i­zon En­ter­prise So­lu­tions. “Ver­i­zon gives busi­nesses data-driven, real-life views on the cy­ber-threat land­scape, not only through the DBIR se­ries but also via our com­pre­hen­sive range of in­tel­li­gent se­cu­rity so­lu­tions and ser­vices. This 11th edi­tion of the DBIR gives in-depth in­for­ma­tion and anal­y­sis on what’s re­ally go­ing on in cy­ber crime, help­ing or­ga­ni­za­tions to make in­tel­li­gent de­ci­sions on how best to pro­tect them­selves.”

MA­JOR FIND­INGS IN SUM­MARY

The 11th edi­tion of the DBIR continues to de­liver com­pre­hen­sive data-driven anal­y­sis of the cy­ber threat land­scape. Ma­jor find­ings of the 2018 re­port in­clude: Ran­somware is the most preva­lent va­ri­ety of

ma­li­cious soft­ware: It was found in 39 per­cent of mal­ware-re­lated cases ex­am­ined this year, mov­ing up from fourth place in the 2017 DBIR (and 22nd in 2014). Most im­por­tantly, based on Ver­i­zon’s dataset it has started to im­pact busi­ness crit­i­cal sys­tems rather than just desk­tops. This is lead­ing to big­ger ran­som de­mands, mak­ing the life of a cy­ber­crim­i­nal more prof­itable with less work. The hu­man fac­tor continues to be a key weakness: Em­ploy­ees are still falling vic­tim to so­cial at­tacks. Fi­nan­cial pre­tex­ting and phish­ing rep­re­sent 98% of so­cial in­ci­dents and 93% of all breaches in­ves­ti­gated – with email con­tin­u­ing to be the main en­try point (96% of cases). Com­pa­nies are nearly three times more likely to get breached by so­cial at­tacks than via ac­tual vul­ner­a­bil­i­ties, em­pha­siz­ing the need for on­go­ing employee cy­ber­se­cu­rity ed­u­ca­tion. Fi­nan­cial pre­tex­ting tar­gets HR: Pre­tex­ting has in­creased over five times since the 2017 DBIR, with 170 in­ci­dents an­a­lyzed this year (com­pared to just 61 in­ci­dents in the 2017 DBIR). Eighty eight of these in­ci­dents specif­i­cally tar­geted HR staff to ob­tain per­sonal data for the fil­ing of file fraud­u­lent tax re­turns.

Phish­ing at­tacks can­not be ig­nored: While on av­er­age 78% of peo­ple did not fail a phish­ing test last year, 4 per­cent of peo­ple do for any given phish­ing cam­paign. A cy­ber crim­i­nal only needs one vic­tim to get ac­cess into an or­ga­ni­za­tion.

DDoS at­tacks are ev­ery­where: DDoS at­tacks can im­pact any­one and are of­ten used as cam­ou­flage, of­ten be­ing started, stopped and restarted to hide other breaches in progress. They are pow­er­ful, but also man­age­able if the cor­rect DDoS mit­i­ga­tion strat­egy is in place.

Most at­tack­ers are out­siders: One breach can have mul­ti­ple at­tack­ers and we found the fol­low­ing: 72 per­cent of at­tacks were per­pe­trated by out­siders, 27 per­cent in­volved in­ter­nal ac­tors, 2 per­cent in­volved part­ners and 2 per­cent fea­ture mul­ti­ple part­ners. Or­ga­nized crime groups still ac­count for 50 per­cent of the at­tacks an­a­lyzed. “Ran­somware re­mains a sig­nif­i­cant threat for com­pa­nies of all sizes,” says Bryan Sartin, ex­ec­u­tive di­rec­tor se­cu­rity pro­fes­sional ser­vices, Ver­i­zon. “It is now the most preva­lent form of mal­ware, and its use has in­creased sig­nif­i­cantly over re­cent years. What is in­ter­est­ing to us is that busi­nesses are still not in­vest­ing in ap­pro­pri­ate se­cu­rity strate­gies to com­bat ran­somware, mean­ing they end up with no op­tion but to pay the ran­som – the cy­ber­crim­i­nal is the only win­ner here! As an in­dus­try, we have to help our cus­tomers take a more proac­tive ap­proach to their se­cu­rity. Help­ing them to un­der­stand the threats they face is the first step to putting in place so­lu­tions to pro­tect them­selves.”

Sartin con­tin­ued: “Com­pa­nies also need to con­tinue to in­vest in employee ed­u­ca­tion about cy­ber­crime and the detri­men­tal ef­fect a breach can have on brand, rep­u­ta­tion and the bot­tom line. Em­ploy­ees should be a busi­ness’s

Busi­nesses find it dif­fi­cult to keep abreast of the threat land­scape, and con­tinue to put them­selves at risk by not adopt­ing dy­namic and proac­tive se­cu­rity strate­gies

first line of de­fense, rather than the weak­est link in the se­cu­rity chain. On­go­ing train­ing and ed­u­ca­tion pro­grams are es­sen­tial. It only takes one per­son to click on a phish­ing email to ex­pose an en­tire or­ga­ni­za­tion.”

BIG­GEST RISKS PER IN­DUS­TRIES AN­A­LYZED

This year’s re­port high­lights the big­gest threats faced by in­di­vid­ual in­dus­tries, and also of­fers guid­ance on what com­pa­nies can do to mit­i­gate against these risks. Key in­dus­try find­ings in­clude: Ed­u­ca­tion – So­cial en­gi­neer­ing tar­get­ing per­sonal in­for­ma­tion is high, which is then used for iden­tity fraud. Highly sen­si­tive re­search is also at risk, with 20 per­cent of at­tacks mo­ti­vated by es­pi­onage. Eleven per­cent of at­tacks also have “fun” as the mo­tive rather than fi­nan­cial gain.

Fi­nan­cial and In­surance – Pay­ment card skim­mers in­stalled on ATMs are still big busi­ness; how­ever, we’re also now see­ing a rise in “ATM jack­pot­ting,” where fraud­u­lently in­stalled soft­ware or hard­ware in­structs the ATMs to re­lease large amounts of cash. DDoS at­tacks are also a threat.

Health­care – This is the only in­dus­try where in­sider threats are greater than threats from the out­side. Hu­man er­ror re­mains a ma­jor con­trib­u­tor to health­care risks.

Pub­lic sec­tor – Cy­ber-es­pi­onage re­mains a ma­jor con­cern, with 43 per­cent of breaches be­ing es­pi­onage mo­ti­vated. How­ever, it is not only state-se­crets that are a tar­get – per­sonal data is also at risk. Other in­dus­tries ex­am­ined within the re­port in­clude ac­com­mo­da­tion and food ser­vices; pro­fes­sional, tech­ni­cal and sci­en­tific ser­vices; and man­u­fac­tur­ing and retail.

THE TIME TO ACT IS NOW

Sixty-eight per­cent of breaches took months or longer to dis­cover, even though 87 per­cent of the breaches ex­am­ined had data com­pro­mised within min­utes or less of the at­tack tak­ing place. While safety can­not be guar­an­teed, proac­tive steps can be taken to help keep or­ga­ni­za­tions from be­ing vic­tims. These are:

1. Stay vigilant – log files and change man­age­ment sys­tems can give you early warn­ing of a breach.

2. Make peo­ple your first line of de­fense – train staff to spot the warn­ing signs.

3. Keep data on a “need to know” ba­sis – only em­ploy­ees that need ac­cess to sys­tems to do their jobs should have it. 4. Patch promptly – this could guard against many at­tacks. 5. En­crypt sen­si­tive data – make your data next to use­less if it is stolen.

6. Use two-fac­tor au­then­ti­ca­tion – this can limit the dam­age that can be done with lost or stolen cre­den­tials. 7. Don’t for­get phys­i­cal se­cu­rity – not all data theft hap­pens on­line.

Com­pa­nies also need to con­tinue to in­vest in employee ed­u­ca­tion about cy­ber­crime and the detri­men­tal ef­fect a breach can have on brand, rep­u­ta­tion and the bot­tom line. Em­ploy­ees should be a busi­ness’s first line of de­fense, rather than the weak­est link in the se­cu­rity chain. On­go­ing train­ing and ed­u­ca­tion pro­grams are es­sen­tial. It only takes one per­son to click on a phish­ing email to ex­pose an en­tire or­ga­ni­za­tion

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.