Skip to main content

Verizon agrees, ransomware is the most popular form of malware

It seems lately that nobody’s safe from malware attacks, and from our private data being hacked and made available to nefarious parties. One of the worst forms of malware is ransomware, which locks down a user’s data and holds it hostage for cash or Bitcoin. According to Verizon, ransomware is one of the fastest-growing forms of malware, a finding that confirms other similar reports.

Each year, Verizon looks at real-world incidents, assesses trends, and provides some insight into the kinds of attacks being experienced by a variety of different kinds of users. This year’s Data Breach Investigations Report (DBIR) looked at more than 53,000 incidents and 2,216 confirmed data breach cases in coming up with its conclusions.

According to the data, the majority of attacks — 76 percent, in fact — were conducted by cybercriminals with the intent of making money. That includes stealing data and using it to access banking and credit card accounts, selling the data on the open market, and conducting ransomware campaigns that generate cash directly. While nearly 73 percent of all attacks were made by individuals and groups outside of organizations, including 12 percent that was perpetrated by those with ties to nation-states, 28 percent of attacks originated from the inside.

Of all attacks, ransomware represented 39 percent of those where malware was implicated. The reason why ransomware is so prevalent is that it’s effective and relatively easy to implement. Tools exist that anyone can use to carry out a ransomware attack, and so a lack of technical expertise and resources isn’t the impediment that it is for other forms of attack. And, payment is direct and immediate, without the need to conduct secondary processes like selling stolen data.

Even so, roughly 17 percent of all data breaches were due to simple mistakes, such as incorrectly addressed emails, information that’s not shredded as it should be, and poorly configured web servers. In addition, up to four percent of all phishing targets — where an email will link to a bogus site that downloads malware or gathers personal information — click on phishing campaign email, which is still a significant number when such campaigns can target millions of potential victims.

Verizon recommends the same tactics as always. Its report focuses on organizations and so making sure users are educated, systems are patched, and adequate security systems are in place are the most important steps to take. For individuals, constant vigilance, good backups, and common sense remain good advice.

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
Malware has a terrible new way to get to your computer
A villager looks at a sunset.

You've heard of malware spreading through spammy emails and mysterious links on strange websites. But now there's a new avenue of attack for bad actors to take -- and it's via Minecraft. Yes, you read it correctly. The open-world building game loved by seven-year-olds around the globe is quickly becoming a favorite method for spreading malware.

As reported by Bleeping Computer, Kaspersky Labs researched the phenomena from July 2021 until July 2022, and it found that in-game malware accounted for a significant amount of the malware that was spread in that time. Although there was a 30% drop in malware attacks in that year when compared to 2020, the amount of gaming-related malware actually increased. Minecraft on PC was the preferred vector.

Read more
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more