Ransomware attacks are a key threat to the cybersecurity of global organizations, as this is the most common type of malware, which is found after 39% of cyberattack-related violations.

According to Verizon’s report “2018 Data Breach Investigations Report (DBIR)” shows, attacks of this type are targeting critical business systems as they encrypt file servers or databases, inflicting more damage and demanding greater ransom requests.

Employees, an entry for attackers

DBIR analysis marks a change in the way attacks are conducted that arrive through more “social” contexts, such as financial pretext and phishing. Attacks like these, which continue to infiltrate organizations through employees, are a growing problem for cybersecurity departments.

Human Resources (HR) departments. HH.), they must modify their defense strategies, so that attackers can extract employees’ wage and tax data, and that they can commit tax fraud or divert tax breaks with them.

The 88% of the attacks analyzed specifically targeted human resources personnel to obtain personal data for the filing of fraudulent tax returns.

George Fischer, president of Verizon Enterprise Solutions, says:

“Companies find it difficult to keep abreast of the threat landscape and continue to put themselves at risk by not adopting dynamic and proactive security strategies. That’s why through this study Verizon provides detailed and analyzed information about what’s really going on around cybercrime, helping organizations make smart decisions about how best to protect themselves.”

Financial pretexts and phishing account for 98 of the social incidents and 93 of all investigations investigated, and email remains the main entry point (92.4% cases). Companies are nearly three times more likely to be violated by social attacks than by real vulnerabilities, emphasizing the need for ongoing employee cybersecurity education.

Phishing attacks can’t be ignored

Verizon claims phishing attacks have increased since last year, a claim that is supported by the report published by Kaspersky Lab, in which it says attacks of all types of financial phishing, attacks against banks, payment systems and stores 1.2, 4.3 and 0.8 percentage points respectively. One solution to minimize these attacks, is the one offered by Shopos, it is a phishing simulator, Shopos Phis Treat, which will track the risk in companies and employee performance. And this simulator automates the entire process of training workers, and provides a visual analysis of which of them will be most vulnerable.

DDos attacks

DDoS attacks can affect anyone and are often camouflaged as they are started, stopped, and restarted to hide other ongoing violations. They are powerful, but also manageable if the right DDoS mitigation strategy is in place. According to Kaspersky Lab’s report, 2017 ended with a 35% increase in the costs caused by such attacks on large companies, and in the case of SMEs a 15%.

Where do the attacks come from?

Not all of these types of attacks have a single person behind it, but currently more than 50 of the cyberattacks are perpetrated by a cybercriminal organization. While Verizon’s study also shows that a 27% comes from people who have some kind of relationship with the affected company, including a 2% of former partners or workers and a 2% of current partners.
One way to stop these attacks from organizations that revolve around cyberattacks is through gamification. Following a report by McAfee, it was found that 57% of the workers who used games to train had more awareness and knowledge of how attacks occur, so they would be better prepared to deal with them.

Which sectors are most threatened?

Each sector will suffer attacks differently as each of them works with a different type of information, some industries handle significant amounts of payment card data, others have databases full of personal information (PII) or even other companies that have all of the above information.

Education

The main objective of the attacks on the education sector is to obtain personal information and then commit criminal actions such as tax fraud.

Data that may be considered sensitive are also at risk, as 20 per cent target espionage, one reason for research within the education sector.

Although there is also a small percentage (11%), which is based on fun, to carry out attacks on educational institutions.

Finance and insurance

In these sectors, the most common attacks are Trojans and cloning of bank cards at at-the-TOPs and although they are worrying, they are not the most relevant.

The crosshairs are currently in the “Jackpotting ATM”, which according to security firm Krebs on Security, is a type of attack that allows criminals to extract all the contents of the cashier, at the speed of 40 bills every 23 seconds. This maneuver is performed through software or fraudulent hardware that is installed at the cashier.

Bless you

Health is one of the areas where the percentage of attacks from workers or people related to the company is greater than external threats. Human error remains one of the biggest contributors to the increase in attacks in this sector.

But if there’s one thing that stands out, it’s that, the ransomware epidemic that continues to plague the health industry, accounting for 85% of all the malware received.

Information (Editors and film and sound industry)

DDOS attacks are the most common in companies that belong to the information sector, most likely to come from external attackers and have a financial motivation.

In total 56% of the attacks suffered in this industry are of the DDOS type and more specifically, web application attacks constitute 41% of the breaches, the use of stolen credentials is one of the main methods used to gain non-access authorized through the World Wide Web.

Public sector

The 43% of the attacks suffered in this area are due to cyberespionage, although it is not limited to confidential information alone, but also falls within the stolen information, personal data.

Ransomware attacks in Spain

On the other hand, and more concretely, according to a report issued by ESET ransomware attacks increased by 47% in 2017, and Spain is in the second position of the European countries that suffer the most from these threats.


Most of these ransomware (50,4%) belong to the same family: TorrentLockers. Followed by TeslaCrypt (11.1%), and later CryptoWall (9.7%). The fourth, fifth and sixth position sit for Crysis (8.1%), Cerber (7%) and Locky (6.6%), respectively.

Conclusions

The security of companies cannot be guaranteed at 100%, which is why it is recommended that each company be proactive and take measures to ensure as far as possible security.

It is important to remain alert, keeping track of possible attacks. Workers’ cybersecurity training is unchecked as one of the goals that every company must achieve, and it is that a job that knows how to defend itself from a cyberattack is a beneficial worker for the company. Without neglecting data encryption or authentication of the staff who have access to it.

In the case of Spain, companies should exercise special caution with information that is sensitive and may be the victim of a kidnapping, since the increase in ransomware attacks is significant, especially those belonging to the TorrentLockers family.