Ransomware and social engineering attacks against C-level executives have increased in number and sophistication.
Ransomware attacks doubled in the first quarter of 2019, according to Lloyd’s of London insurer Beazley, which experienced a 105% increase in the number of ransomware attack notifications by its clients in the quarter compared with the same period a year ago.
Along with an increase in the frequency of attacks, cyber criminals are targeting larger organisations and demanding higher ransom payments. In the first quarter of 2019, the average ransomware demand reported to Beazley was 93% higher than the 2018 average (the average ransom in the first quarter was US$224,871).
According to incident response firm Coveware, the average price of ransoms in the first quarter of 2019 increased by 89% compared to the fourth quarter of 2018. As the average ransom demand goes up, it attracts attack groups interested in making money.
At the same time, the availability of exploit kits, such as banking trojans and ransomware-as-a-service (RaaS) platforms, lowers the skill barrier required to facilitate these attacks.
Beazley says sophisticated attack groups associated with Ryuk and Bitpaymer ransomware variants are targeting larger organisations through phishing emails and by tricking users into deploying banking trojans. RaaS attacks, which tend to hit small businesses, also remain commonplace, according to Beazley.
A number of large industrial and manufacturing firms have been hit by ransomware attacks of late. Ransomware attacks disrupted production at a European aluminium manufacturer in March 2019 and at one of the world’s largest semiconductor manufacturers in August 2018. Local government and critical infrastructure have also been targeted – the city of Baltimore was disrupted by a ransomware attack in May, as was a US utility company in October 2018.
Beazley has also seen a substantial increase in incidents involving banking trojans, which are becoming more dangerous and disruptive and are difficult to remove once a system is infected. Banking trojans typically steal banking credentials from users of online banking websites, but new variants (such as Emotet and Trickbot) harvest other account credentials.
They also perform reconnaissance on email accounts and deploy other malware, most commonly ransomware.
Social engineering attacks against C-level executives and attacks against cloud-based email servers also increased last year, according to the 2019 Verizon Data Breach Investigations Report, which analyses over 41,000 security incidents.
C-level executives are 12 times more likely to be the target of a security incident and nine times more likely to be the target of a data breach, according to the report. Cyber attacks against web-based email accounts using stolen credentials rose to 16% of all breaches this year, from just 3% last year.
Compromise of web-based email accounts using stolen credentials was seen in 60% of all attacks that involved hacking a web-based application.
The Verizon report provides some useful insights into the motivations and techniques driving cyber attacks.
For example, the majority of attacks are carried out by criminals seeking financial gain. The report found that 71% of security incidents were financially motivated, while 39% of data breaches involved organised criminal groups.
Attacks using ransomware and social engineering are relatively easy to carry out and offer an attractive payoff.
Verizon’s analysis also found that the majority of attacks use relatively simple and established techniques – 94% of malware is delivered through email, for example. The majority of breaches involved either phishing (32%), stolen credentials (29%), or ransomware (24%).
That said, Verizon found that nation states and state-sponsored hackers are playing a greater role in global security incidents. Nation states and state-supported hackers were linked to 23% of incidents, while 25% of data breaches involved cyber espionage.
Another important finding of the Verizon report was the time taken to discover a data breach. Over half (56%) of data breaches took one month or longer to detect.