Ransomware attacks have grown 13% year on year in 2022, an increase greater than the past 5 years
May 28, 2022
Verizon has just released its 2022 Data Breach Investigations Report, which shows that ransomware has grown 13% year on year in 2022. The report is valuable because it records trends in ransomware attacks.
The report states:
- The four means of accessing an organisation’s online site are:
  - misuse of credentials,
  - phishing,
  - exploiting vulnerabilities, and
  - botnets.
- Error continues to be a dominant trend, and is heavily influenced by misconfigured cloud storage.
- The human element continues to drive breaches. Whether it is the use of stolen credentials, phishing or simply an error, people continue to play a large part in incidents and breaches alike.
- Data compromises are considerably more likely to result from external attacks than from any other source.
- 80% of breaches are caused by individuals external to the organization.
- 40% of ransomware incidents involve the use of desktop sharing software and 35% involved the use of email.
- Third-party breaches represent a small percentage (1%) of breach data. Nevertheless, the report lists the use of stolen credentials along with ransomware as two of the top five action varieties.
- Supply chain breaches occur where there are secondary victims (when seen from the primary victim’s breach) or where a partner was the vector (when seen from the secondary victim’s breach). Commonly that occurs when a compromised software vendor is used to push a malicious update to an organization, resulting in a breach, or in a generic partner breach where a partner is compromised and either a set of credentials or some trusted connection is used to gain access.
- There is a high prevalence of web applications and mail servers being attacked. Of the mail servers being attacked, 80% were compromised with stolen credentials and 30% were compromised using some form of exploit. The targeting of mail servers using exploits has increased dramatically since last year.
Data Breach Today has undertaken a thorough analysis of the report in “13% Spike in Ransomware Is Biggest in 5 Years”, stating:
Ransomware has grown 13% year on year in 2022, a jump greater than the past five years combined, a Verizon Business 2022 Data Breach Investigations Report published on Tuesday shows. The report records trends in ransomware rather than absolute figures such as the total number of breaches during the past five years.
As criminals look to leverage increasingly sophisticated forms of malware, ransomware continues to prove particularly successful in exploiting and monetizing illegal access to private information, the Verizon study says. Financial gain continues to be the primary motive for attacks, followed by espionage, it says.
The Verizon research team reviewed 23,896 security incidents, of which 5,212 were confirmed breaches. Eighty-seven organizations participated in the study.
The DBIR report sheds light on how the most common forms of cyberattacks affected the international security landscape. The data analyzed in the report comes from contributors ranging from law enforcement agencies to forensic and law firms to CERTs and ISACs and government agencies from several countries.
The amount and frequency of ransomware payments have increased today, Chris Novak, global director, threat research advisory center, Verizon Business Group, tells Information Security Media Group. “The victims pay well and pay quickly. This almost incentivizes them [threat actors] and emboldens them to conduct these kinds of attacks more often,” he says.
In the early days of ransomware, organizations struggled with traditional payment mechanisms, such as money transfers or prepaid gift cards. When cryptocurrency came along, they had to figure out how to use wallets and exchanges. “Now it’s almost like a cottage industry that’s grown up out of all of that, that helps facilitate ransom payments. I think in some ways that has also emboldened the threat actors, because it’s easier now,” Novak says.
Anshuman Sharma, head of investigative response, APJ, at Verizon, says that the increase in cyberattacks, especially ransomware, is due to the continued explosion of connected devices and widespread digitization in multiple sectors. “While the pandemic led to a rise in ransomware attacks, the inaction, or the delay in the implementation of technical and infrastructure changes in the new normal, has made organizations more vulnerable,” he says.
Sharma says the emergence of ransomware-as-a-service and the adoption of cryptocurrency could be contributing factors as well.
Key Paths to Data Breaches
The study determined that the four key paths to data breaches are unauthorized credentials, phishing, vulnerability exploitation and botnets.
Organized crime also continues to be a pervasive force in the world of cybersecurity. About four in five breaches can be attributed to organized crime, with external actors four times more likely to cause breaches in an organization than internal actors, the report says.
Heightened geopolitical tensions are also driving increased sophistication, visibility and awareness around nation-state-affiliated cyberattacks.
For many businesses, the past year has been dominated by supply chain issues, and this trend was also reflected across the cybersecurity landscape. In fact, 62% of system intrusion incidents came through an organization’s partner, the Verizon report shows. Compromising the right partner is a force multiplier for cybercriminals and highlights the difficulties that many organizations face in securing their supply chain.
Novak says that supply chain is a “big area of focus,” since many organizations moved toward cloud infrastructure and as-a-service offerings during the pandemic. “It has dramatically changed the way they operate. And that also changes their [threat actors’] attack surface area or footprint. Because more organizations are relying more heavily on third parties, those third parties may be the avenue of entry into the end target,” he says.
In a finding that exposes the cost of human influence, people by far remain the weakest link in an organization’s cybersecurity defenses. Social engineering attacks accounted for 20% of the total breaches recorded in the Verizon report. When human errors and misuse of privilege are added, the human element accounts for 82% of analyzed breaches over the past year.
“We continue to see the human element as a dominant factor. I see organizations deploying a lot of technology, but at the end of the day there will always be people involved. So it is important to educate them and make them aware of the role they play in security,” Novak says.
It is also important to consider the “fair bit” of human error that goes into the implementation, design, execution and detection stages of security, he says. “That ultimately could lead to organizations having either increased breaches or increased severity of breaches if their people aren’t prepared for how to handle those types of events.”
The report also finds that more than half of breaches analyzed involved the use of either remote access or web applications; 66% of the breaches involved phishing, stolen credentials and/or ransomware; and a vast majority of breaches – 95% – involved five or fewer intrusion steps.
Commenting on these findings, Novak says threat actors value credentials. “Many of the attacks we see are related to someone getting access to the credentials, whether it’s buying them on the deep or dark web market or using something like social engineering or phishing in order to obtain them,” he says.
He also observes “incredible activity” around exploiting vulnerabilities and leveraging botnets and says it’s “not just the confidentiality of data, in terms of stealing data, but making systems inaccessible to their end customer, if you will.”
The Australian Cyber Centre has prepared a guide to prepare for and protect against a ransomware attack and a guide to deal with a ransomware attack. Both are general and are but a first step. Much more is needed to properly prepare for and meet a ransomware attack.
Ransomware is a chronic problem. For example, late last week the following data breaches were announced:
- On 26 May 2022 Martin University in the United States announced it was subject to a ransomware attack back in January.
- North Orange County Community College District was hit by ransomware in January.
- A ransomware attack cost the City of Quincy $650,000.
- A data breach exposed four years’ worth of records of almost 500,000 Chicago Public Schools students and nearly 60,000 employees. The attack targeted a company that did teacher evaluations and involved basic student and staff information.