Ransomware Targeted 50% of Orgs Last Year

Nearly half of all businesses have been targeted by ransomware in the past year.

Radware’s Global Application and Network Security Report 2016-2017 has revealed that 49% of businesses confirmed being the subject of a cyber-ransom campaign in 2016. What’s more, 27% of IT professionals surveyed chose data leakage or loss as a key concern when faced with a cyber-attack, while only 19% chose service outage, 16% selected reputation loss and just 9% cited customer or partner loss. 

41% reported that ransom was the top motivation behind cyber-attacks they had experienced in 2016, followed by insider threats (27%), political hacktivism (26%) and competition (26%).

“Cyber-ransom is the fastest-growing motive and technique in cyber-attacks, as most phishing attempts now deliver ransomware,” the report noted. “Today, threat actors focus their ransom attacks to target phones, laptops, company computers, and other devices that are a daily necessity. In the future, they may target lifesaving healthcare devices like defibrillators.”

Half of all organizations surveyed had experienced a malware or bot attack in the past year, and 55% said that the internet of things (IoT) complicates their detection or mitigation requirements, as it increases the surface of the attack landscape.

“One thing is clear: Money is the top motivator in the threat landscape today,” said Carl Herberger, vice president of security solutions at Radware. “Attackers employ an ever-increasing number of tactics to steal valuable information, from ransom attacks that can lock up a company’s data, to DDoS attacks that act as a smoke screen for information theft, to direct brute-force or injection attacks that grant direct access to internal data.”

When it comes to DDoS, massive attacks made headlines in 2016, but Radware’s research shows that attacks of more than 50Gbps made up just 4% of attacks experienced. More than 83% of DDoS attacks reported by organizations were under 1Gbps.

That said, those big attacks can do a lot of damage: 35% of those hit with one reported impact to their servers, 25% claimed damage to their internet pipe, and 23% said large-scale attacks impacted their firewall. These respondents defined “impact” as 100% exhaustion resulting in total failure.

The report noted the rise of permanent denial of service (PDoS) for data center and IoT operations. Also known loosely as “phlashing” in some circles, PDoS is an attack that damages a system so badly that it requires replacement or reinstallation of the hardware itself. While these attacks have been around for a long time, they only appear sporadically. However, Radware predicts that more threat actors will target the destruction of devices via PDoS attacks in the coming year.

Also on the DoS front, telephony DoS (TDoS) is expected to rise in sophistication and importance, catching many by surprise. Cutting off communications during crisis periods could impede first responders’ situational awareness, exacerbate suffering and pain, and potentially increase loss of life.

Amid all of this, the report also reveals that companies are still not prepared to face the threat landscape. In fact, 40% of organizations do not have an incident response plan in place; 70% do not have cyber-insurance; and despite the prevalence of ransomware, only 7% keep bitcoins on hand.

“Our report shows that most organizations are still not prepared to fend off many of the more sophisticated attacks,” said Herberger. “There is a vast market for mitigating attacks in progress and defending against threats, both new and established, that grow in severity by the day.”

Things could get more complex going forward as well. With the code for the Mirai IoT botnet now available to the public, novice and sophisticated hackers are already adjusting and “improving” the code’s capabilities based on their needs. The report accordingly predicts that in 2017, exponentially more devices could become targeted and enslaved into IoT botnets. IoT device manufacturers will then have to face the issue of securing their devices before they are brought to market, as botnet attacks from these devices can generate large-scale attacks that easily exceed 1Tbps.

This could be especially high-profile in transportation: From trains and planes to buses and automobiles, entire systems are becoming self-guided. This automation is meant to provide increased safety, improved reliability, and higher efficiencies. But most of this critical infrastructure may be vulnerable to threat actors looking to hijack public transportation or lock the system down with ransomware.

“Threat actors have a single focus, to develop the best tools possible to either disable an organization or steal its data,” said Herberger. “Businesses focus on delivering the highest value to their customers. In order to deliver that value, security must be woven into the customer experience for a company to truly succeed. Without this change in thinking, organizations will remain vulnerable.”
