A new study shows businesses worldwide are under increasing threat of ransomware attacks, and employees often are the unwitting accomplices to such cyber threats. Verizon’s 2018 Data Breach Investigations Report (DBIR) shows ransomware is the most common type of malware, found in 39 percent of malware-related data breaches – double that of last year’s DBIR – and accounts for more than 700 incidents. The report shows attacks are now moving into business-critical systems, encrypting file servers or databases, inflicting more damage and commanding bigger ransom requests.

DBIR also flags a shift in how social attacks, such as financial pretexting and phishing, are used. Attacks such as these, which continue to infiltrate organisations via employees, are now increasingly a departmental issue. Analysis shows that Human Resource (HR) departments across multiple verticals are now being targeted in a bid to extract employee wage and tax data, so criminals can commit tax fraud and divert tax rebates.

The 11th edition of the DBIR gives in-depth information and analysis on what’s really going on in cybercrime. Findings include:

Ransomware is the most prevalent variety of malicious software: It was found in 39 percent of malware-related cases examined this year, moving up from fourth place in the 2017 DBIR (and 22nd in 2014). Most importantly, based on Verizon’s dataset it has started to impact business-critical systems rather than just desktops. This is leading to bigger ransom demands, making the life of a cybercriminal more profitable with less work.

The human factor continues to be a key weakness: Employees are still falling victim to social attacks. Financial pretexting and phishing represent 98 percent of social incidents and 93 percent of all breaches investigated – with email continuing to be the main entry point (96 percent of cases). Companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities, emphasizing the need for ongoing employee cybersecurity education.

Pretexting incidents have increased over five times since the 2017 DBIR, with 170 incidents analyzed this year (compared to just 61 incidents in the 2017 DBIR). Eighty-eight of these incidents specifically targeted HR staff to obtain personal data for filing fraudulent tax returns. Phishing attacks cannot be ignored. While on average 78 percent of people did not fail a phishing test last year, four percent of people do fail for any given phishing campaign. A cybercriminal only needs one victim to gain access to an organisation.

DDoS attacks can impact anyone and are often used as camouflage, being started, stopped and restarted to hide other breaches in progress. They are powerful, but also manageable if the correct DDoS mitigation strategy is in place.

Most attackers are outsiders: One breach can have multiple attackers, and the analysis found the following: 72 percent of attacks were perpetrated by outsiders, 27 percent involved internal actors, two percent involved partners and two percent featured multiple partners. Organized crime groups still account for 50 percent of the attacks analyzed.
