FEATURE
cybersecurityeurope PAGE 40
TOP RANSOMWARE ATTACK VECTORS
Remote Desktop Protocol based breaches were (again) the single most prevalent ransomware attack vector in Q4/2018. This vector is predicted to remain popular.
RDP 84.5% | PHISHING 13.8% | SOCIAL ENGINEERING 1.7%

HOW VERTICAL SECTORS ARE TARGETED BY RANSOMWARE
Professional service firms (e.g., law and accountancy firms) continue to be a prime target for ransomware. These firms tend to under-invest in IT security, have weak or no backup policies, and have almost no tolerance for data loss. Healthcare facilities are also more targeted.
PROFESSIONAL SERVICES 22.4% | SOFTWARE SERVICES 13.8% | HEALTHCARE 12.1% | FINANCIAL SERVICES 12.1% | OTHER 10.3% | CAPITAL GOODS 8.6% | TRANSPORTATION 5.2% | INSURANCE 5.2% | RETAILING 5.2% | MATERIALS 3.4% | UTILITIES 1.7%

cost, and lost opportunities. All figures, again, were increases over the previous year’s figures: no surprise given that studies of cyber security trends indicate that there are rich pickings to be had, as a proportion of compromised organisations opt to pay ransoms to recover their data. Further inducement for cyber criminals may well come from the fact that organisations polled across vertical sectors now not only expect ransomware to become a fact of commercial operations, but see it as somewhat of a tolerable business cost. This is despite evidence that paying a ransom is no guarantee that encrypted data will be recovered. Coveware reports that when a victim of ransomware pays, they receive a decryption key 93% of the time; but that is just the beginning of the recovery process. Encryption can damage or delete files, and sometimes the decryption tools do not work well. The average data recovery rate when a working tool is delivered is about 95%, but varies markedly depending on the type of ransomware. For example, Ryuk is low at ~60%, but SamSam is close to 100%, the Coveware study found.

Ransomware creators continue to build in new ways to add value to their attacks. New ‘in-development’ ransomware (discovered by MalwareHunterTeam) encrypts files, and also tries to steal owners’ PayPal credentials with an included phishing page. This ransomware contains a ransom note that states the user can remit either via Bitcoins or with cash through PayPal. If a user chooses to pay using PayPal, they will be brought to a phishing site that will then attempt to filch their PayPal credentials. “This technique aims to maximise the return-on-investment for the attacker. Once the victim falls into the trap and pays the initial ransom, they will also be duped into providing their PayPal credentials, which will profit the attacker even further,” says Maor Hizkiev, CTO and Co-founder at BitDam. “This kind of attack demonstrates that once an attacker gains control, there is no limit to what they can do and how much money they can steal.” Hizkiev adds: “The problem lies in the fact that almost all current security solutions are reactive, adjusting their defences based on attacks they have seen in the past. The reality is that new attacks are emerging daily, making it harder for vendors to keep up to date and protect from the newest attackers’ tricks.”

Sophos found that 75% of companies infected with ransomware were, nonetheless, running up-to-date endpoint protection software.

The fact that technological safeguards have their limits places even greater emphasis on the human factor when it comes to keeping out ransomware. Coveware’s report sample says that 15.5% of ransomware attacks came through social engineering or phishing attacks. Many cyber security expert theorists now expound the necessity for organisations to implement a holistic cyber security
Sources: Coveware Ransomware Marketplace Report 2019