Ransomware and cloud service attacks are on the rise – so beware
Lock down your cloud services, and avoid your more important files being locked down by ransomware. Cybercrime is on the rise.
That’s the findings of an analysis by cybercrime monitors Trustwave, who have analysed a trillion logged security events, as well as hundreds of investigations they’ve carried out themselves, and internal research about the latest cybersecurity threats and methods criminals are using to access our information.
“Our 2019 findings depict organisations under tremendous pressure contending with adversaries who are methodical in selecting their targets and masterful at finding new pathways into environments as the attack surface widens,” said Arthur Wong, chief executive officer at Trustwave.
“We continue to see the global threat landscape evolve through novel malware delivery, inventive social engineering and the ways malicious behaviours are concealed. How fast threats are detected and eliminated is the top cybersecurity priority in every industry.”
What’s being attacked and how?
The main vectors of attack, and the targets criminals are aiming for, is constantly shifting. But Trustwave’s analysis of the main trends of 2019 show attacks on cloud services more than doubled over the year. It’s the third-most targeted environment for cybercrime, accounting for one in every five investigated incidents – up from just 7% the year before.
The way in which bad actors access accounts hasn’t changed much: social engineering, the method of convincing someone to provide access to their account, either by pretending to be a trusted source and getting them to click a link or by conniving to con them out of personal data, remains the most popular way that criminals crack into accounts.
Half of all the incidents that Trustwave was called out to investigate in 2019 turned out to be the result of social engineering attacks, the most popular and best-known of which are phishing attacks. It’s a method on the rise, too: in 2018, social engineering was used in just one third of all attacks.
Ransomware remains a big risk
Top of the list of types of attack is ransomware, echoing the attention the method of attack has received in the media over the last 12 months. Ransomware – which locks down key files and demands you make a payment in order to unlock them, often by Bitcoin – has become the most popular type of information targeted by criminals.
Until recently, it used to be that criminals would target the data of credit and debit cards then try and use them illicitly. But now ransomware has overtaken card payment detail attacks, accounting for 18% of all data breach incidents observed in 2019. The year before, it was just 4%.
One of the more surprising findings from Trustwave is the near-disappearance of spam attacks carrying malware. Findings show a large decrease in the volume of spam email hitting organisations from 45.3% in 2018 to 28.3% in 2019 – thanks to a number of large spam operations going offline, or refocusing their activities on more successful and potentially lucrative methods of attacks.
Of course, spam still continues – as anyone with an email account can tell you – but it’s no longer being used as a vehicle to carry viruses. Of the spam analysed in 2019 by Trustwave, only 0.2% contained malware down from 6% the previous year.
That’s good news – as is one of Trustwave’s other findings. The average time it takes from a threat making its way onto a system to being discovered has dropped precipitously in the last year, showing that we’re getting more knowledgeable and more circumspect about keeping track of bad actors. In 2018, malware was likely to linger on a system or network for 11 days before being discovered internally. Last year, that was just two days. Acting quickly, and acting decisively, means the bad guys can’t win.