According to Forrester’s Global Business Technographics Security Survey, 2016, 49% of global network security decision-makers report that they experienced at least one breach during the past 12 months.
Software vulnerabilities currently top the list of the most common types of external attacks and will continue to be near the top of the list, followed closely by user interactions (phishing, malicious links or email attachments), stolen credentials and web applications.
The rise of ransomware
Ransomware has been steadily on the rise throughout 2015 and 2016. In 2016, ransomware reached a staggering $1 billion industry and this will now become our top threat. Consumers have typically been targeted (especially in the affluent U.S.) because it’s less likely that individual users would have robust security in place.
Ransomware attacks on businesses
The long-term trend, however, has been a slow and steady rise in ransomware attacks on businesses. Criminals see a larger ransom potential with bigger companies, especially with wire-transfer email scams targeted at C-level executives.
Symantec also noted the following attack trends in its ISTR Special Report, Ransomware and Businesses 2016:
- Bug-poaching attacks, which involve attackers compromising corporate servers, stealing data (as proof of compromise), and requesting a fee for information on how the attack was carried out
- Using freely available, dual-use tools to help gain a foothold and move through a network
- Obtaining administrator credentials and using them for lateral movement
- Conducting reconnaissance to gain information that could help criminals extort money from the target organization
Across the security industry, incident response teams are also noting that cybercriminals are transferring techniques usually used in advanced espionage attacks and implementing them for targeted ransomware infections.
Do you pay the ransomware to get your files?
Law enforcement discourages companies and individuals to pay the ransoms, as it only encourages further attacks and helps generate future malware. Plus, there’s no guarantee that your files will be returned.
But the problem lies in security vulnerabilities within companies. If automated backups and network files aren’t stored properly, then file backups that are supposed to be in place for emergencies (like ransomware locking users out of data) simply won’t do the job. Then companies pay up.
How can you work to avoid ransomware schemes?
- Since email and exploit kits are the most common method of infection, consider using email-filtering services to block mail delivery or infected attachments.
- Continually educate end users. False invoices and orders, or emails concerning banking security or credentials can often look very convincing.
- Report it to the FBI’s Internet Crime Complaint Center. The FBI also offers tips for dealing with the ransomware threat, including:
○ Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
○ Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
As ransomware and cyber attacks continue to become big business, it’s more important than ever to strengthen your cybersecurity practices. Investing now will protect your company from any future threats.
For more information, contact Rick Wielopolski at Cyber Solutions Technologies.