It seems lately that nobody’s safe from malware attacks, or from having private data hacked and made available to nefarious parties. One of the worst forms of malware is ransomware, which locks down a user’s data and holds it hostage for cash or Bitcoin. According to Verizon, ransomware is one of the fastest-growing forms of malware, a finding that confirms other similar reports.
Each year, Verizon looks at real-world incidents, assesses trends, and provides some insight into the kinds of attacks being experienced by a variety of different kinds of users. This year’s Data Breach Investigations Report (DBIR) looked at more than 53,000 incidents and 2,216 confirmed data breach cases in coming up with its conclusions.
According to the data, the majority of attacks, 76 percent in fact, were conducted by cybercriminals with the intent of making money. That includes stealing data and using it to access banking and credit card accounts, selling the data on the open market, and conducting ransomware campaigns that generate cash directly. While nearly 73 percent of all attacks were made by individuals and groups outside of organizations, including 12 percent perpetrated by those with ties to nation-states, 28 percent of attacks originated from the inside.
Of all attacks, ransomware represented 39 percent of those where malware was implicated. Ransomware is so prevalent because it’s effective and relatively easy to implement. Tools exist that anyone can use to carry out a ransomware attack, so a lack of technical expertise and resources isn’t the impediment that it is for other forms of attack. And payment is direct and immediate, without the need to conduct secondary processes like selling stolen data.
Even so, roughly 17 percent of all data breaches were due to simple mistakes, such as incorrectly addressed emails, information that’s not shredded as it should be, and poorly configured web servers. In addition, up to four percent of all phishing targets click on the phishing campaign email, which links to a bogus site that downloads malware or gathers personal information. That is still a significant number when such campaigns can target millions of potential victims.
Verizon recommends the same tactics as always. Its report focuses on organizations, so the most important steps to take are making sure users are educated, systems are patched, and adequate security systems are in place. For individuals, constant vigilance, good backups, and common sense remain good advice.