Verizon's new Data Breach Investigations Report shows a perhaps depressing continuation of previous problems: once again, phishing and ransomware attacks are up.
The report brings together data from 2260 breaches and 100,000 incidents in 82 countries, collecting information from 67 partners.
"Phishing has continued to trend upward," notes the report, "and is found in the most opportunistic attacks as well as the sophisticated nation state tomfoolery."
Phishing and ransomware are two of the most irksome and common intrusion techniques, well known to all who have even a faint understanding of information security.
Phishing often comes in the form of an email exhorting the target to open an attached link. Once the unsuspecting victim opens that link, a trap is sprung and malware is downloaded onto the system. It's simple, but incredibly effective.
Laurance Dine, managing principal of investigative response, told SCMagazineUK.com that although "the technology is out there that will slow it down", there's "no 100 percent way of stopping a phishing email coming into your organisation."
Ransomware is a kind of malware, often delivered via phishing email, that encrypts data and charges the victim to decrypt it. Recently, it has been wreaking havoc on hospitals in the US, but it is familiar to many, from individual users to large enterprises to government departments. This kind of attack has grown by 16 percent this year, according to the report.
This year, phishing was given a 'leg up' by the Dridex campaign, but more than that, basic human error was probably its greatest unwitting ally.
According to the report, 30 percent of phishing messages were opened, up seven percent on last year. A further 13 percent of those who opened the message also opened the attachment, leading to malware deployment.
Blocking these is, according to Dine, "down to awareness. One of the things we talk about is making employees your first line of defence." He added, "If you have clicked on something, it's about knowing who to report it to." Analysing over 600,000 phishing emails, the report's authors found that only three percent of those targeted alerted managers.
Furthermore, the report goes on to note that at the moment, "the communication between the criminal and the victim is much more effective than the communication between employees and security staff."
But why have these problems, detailed in depressing but reliable repetition with every quarterly report, not only persisted but grown? Have people not been listening?
Ben Johnson, chief security strategist for Carbon Black, had a simple answer for SC: "Ransomware and phishing attacks have become so pervasive because, simply put, they work."
Johnson added that “It's quite likely that we don't currently see the full scale of the ransomware problem since many organizations are simply paying the money and staying quiet about it. And in the case of phishing attacks, many organizations are unable to even tell that they've been compromised and go months where attackers have unadulterated access to their key data.”
Orlando Scott-Cowley, cyber-security strategist at email security firm Mimecast told SC that, “traditional email gateway protections and employee education programmes have failed. Meanwhile, cyber-criminals have been regularly evolving phishing tactics to stay one step ahead. New strategies to block malicious links, attachments and social-engineering by email require board-level scrutiny. And if your security team isn't effective—change it.”
The report's other findings include the fact that an overwhelming proportion of attacks (89 percent) came from cyber-criminals and, predictably, were motivated by financial gain. A distant second were nation state groups, accounting for 9 percent of recorded attacks.