There was some good news in the latest installment of the Symantec Internet Security Threat Report. Web-based attacks have fallen year on year, but ransomware attacks on businesses have sky rocketed. Sabotage and subversion attacks have also risen sharply in the past 12 months.
The Internet Security Threat Report shows that exploit kit and other web-based attacks fell by 30% in 2016, but over the same period, ransomware attacks on businesses increased by 36%.
Ransomware has proved popular with cybercriminals as attacks are easy to perform and money can be made quickly. If an attacker succeeds in encrypting business data, a ransom must be paid within a few days. In the United States, where the majority of ransomware attacks occur, 64% of businesses pay the ransom.
Web-based attacks on the other hand typically take longer and require considerably more technical skill. Cybercriminals must create and host a malicious site and direct end users to the site. Once malware has been downloaded, the attackers must move laterally within the network and find and exfiltrate sensitive data. The data must then be sold.
Ransomware attacks on businesses are far easier to conduct, especially using ransomware-as-a-service. All that is required is for criminals to pay to rent the ransomware, set their own terms, and distribute the malware via spam email. Many ransomware authors even provide kits with instructions on how to customize the ransomware and conduct campaigns. The appeal of ransomware is clear. It is quick, easy and profitable to conduct attacks.
The Symantec Internet Security Threat Report charts the rise in popularity of ransomware. Symantec detected 101 separate ransomware families in 2016. In 2014 and 2015 the count was just 30. Symantec’s ransomware detections increased from 340,665 in 2015 to 463,841 in 2016. Ransomware as a service has played a major role in the increase in attacks.
Ransom demands have also increased in the past year. In 2015, the average ransom demand was $294 per infected device. In 2016, the average ransomware demand had increased to $1,077.
Fortunately, good data backup policies will ensure businesses do not have to pay to unlock their data. Unfortunately, even if data can be recovered from backups, ransomware attacks on businesses are costly to resolve. Cybersecurity firms need to be hired to conduct analyses of networks to ensure all traces of ransomware (and other malware) have been removed. Those firms must also check to make sure no backdoors have been installed.
Ransomware attacks on businesses typically see computers locked for several days, causing considerable loss of revenue for companies. Customer breach notifications may also need to be issued. Ransomware attacks can cost tens or hundreds of thousands of dollars to resolve, even if no ransom is paid.
Since ransomware is primarily distributed via spam email, businesses need to ensure they have appropriate email defenses in place. An advanced spam filter with an anti-phishing component is essential, along with other endpoint protection systems.
Symantec’s figures show that spam email volume has remained constant year on year, with spam accounting for 53% of email volume in 2016.
In 2016, one in 2,596 emails involved a phishing component, down from one in 965 in 2014. Phishing attacks may be down, but malware attacks increased over the same period.
Malware-infected email attachments and malicious links to malware-infected websites accounted for one in every 131 emails in 2016, up from 1 in 220 in 2015 and 1 in 244 in 2014. In 2016, 357 million new malware variants were detected, up from 275 million in 2014.
The decline in web-based attacks is certainly good news, but it doesn’t mean the threat can be ignored. Last year there were 229,000 web-based attacks tracked by Symantec. While that is a considerable decrease from the previous year, web-based attacks still pose a significant threat to businesses.
Web-based attacks could also increase this year. The Symantec Internet Security Threat Report indicates 9% of websites have critical bugs that could be easily exploited by cybercriminals allowing them to hijack the websites. Worryingly, Symantec reports that 76% of websites contain bugs that could potentially be exploited.
The Symantec Internet Security Threat Report shows data breaches have remained fairly constant over the past two years. In 2014, widely reported to be ‘the year of the data breach’, Symantec recorded 1,523 data breaches. The following year that fell to 1,211 breaches. Last year, there was little change, with 1,209 breaches reported.
The halt in the rise in data breaches suggests organizations are getting better at protecting their networks and data. However, large data breaches are increasing. Last year there were 15 data breaches that involved the theft of more than 10 million records, up from 11 in 2014.
Protecting against data breaches and cyberattacks requires comprehensive, multi-layered security defenses. TitanHQ offers a range of cybersecurity solutions for SMEs to help them improve their security posture and protect against web-based and email-based security threats.
For more information on how you can improve your security posture, and information on the best spam filter for business use, contact the TitanHQ team today.