Verizon DBIR: Ransonware and Cyber-Espionage on the Rise

Verizon Data Breach Investigative Report 2017

A few weeks ago, Verizon released its annual Data Breach Investigation Report(DBIR). Some of the biggest takeaways from the reports is the increase of ransomware and cyber espionage usage. Projections show that these trends will keep increasing as the year goes on. The report also states the increased collaboration between different organizations to mitigate these threats.

It is no news that Ransomware related attacks have been increasing each year. Throughout the year according to Verizon’s DBIR report ransomware has spiked by 50%. According to the report, numerous technical improvements have been implemented on Ransomware software. This includes methods to avoid detection, boot record locking, and disk encryption. Also due to how easy it is to make a profit from this type of crimeware, cyber-criminals have been selling ransomware as a service. This allows anyone with no technical skills to purchase the service and use it for criminal activities.

Crimeware Ransomware Incidents. Source: Verizon DBIR 2017.

Crimeware Ransomware Incidents. Source: Verizon DBIR 2017.

Another trend that has started to surface is the targeting of organizations instead of individual computers. This makes sense given that an organization’s greatest asset is its data. Aside from the fact that the ransom required would be higher, they would be more willing than a single user to pay to retain their files. The Health Care industry has been a particular target for this types of attacks. Some hospitals have fallen victim to ransomware attacks and forced to pay the ransom to decrypt their files.

Cyber-espionage has also made gains this year. According to the report, this is due to two reason; first, the report began featuring more of these types of breaches into its data sets and second the discovery of banking trojan botnets and POS. The most affected industry, as usual, is the manufacturing industry with 115 incidents, closely followed by Public Administration with 112 incidents. The interest in these two industries is mainly for the acquisition of trade secrets in manufacturing and confidential information for the public sector.

Surprisingly, the educational industry experienced a significant increase of espionage with a total of twelve incidents. The reason why cyber spies have taken an interest in academia is the same reason why manufacturing is a target. Universities are a gold mine when it comes to R&D and new technology. Cyber-attackers have realized their potential and started targeting academia given that they usually have less security than other industries.

Cyber Espionage Incidents. Source: Verizon DBIR 2017

Cyber Espionage Incidents. Source: Verizon DBIR 2017

Despite the increase in ransomware usage and cyber-espionage, there is a silver lining to all these incidents. The InfoSec community has been proactive in finding ways to combat ransomware. This includes optimizing security software to detect before infection and countermeasure to stop ransomware software to execute its code. Communities have also been sharing information quicker on suspected ransomware to contain its spread.

Leave a Reply

Your email address will not be published. Required fields are marked *