70% of all malware breaches last year were ransomware.
According to the Verizon 2022 Data Breach Investigations Report, now entering its 15th year, the use of ransomware to extort money was up 13% in 2021 compared to 2020.
That 13% represents a greater increase in ransomware deployment than the past five years combined. This year’s report examined 23,896 incidents that resulted in 5,212 confirmed data breaches.
A ransomware attack occurs when a hacker, usually an organized crime group or a nation-state, infiltrates an organization’s network. Once inside, the hacker encrypts the organization’s production and backup data so that it cannot be used. In order to get the decryption keys, regain access to their data and restart their activities, the victim is charged a ransom, usually in the form of bitcoin. This is a form of extortion.
The main reason for the huge increase in the deployment of ransomware over other types of malware is profitability, said Alex Pinto, senior manager for security research at Verizon and one of the authors of the report.
If a cybercriminal steals credit card information or trade secrets, they need to find a buyer. That takes work. It is much easier and faster to profit from the crime if the buyer is also the victim. Therefore, Pinto believes that ransomware will remain the main form of malware for years to come.
Cybercriminals also target smaller organizations, as they may not have the cyber defenses, personnel or other resources to block or easily recover from an attack when one occurs, Pinto said.
“With regard to breaches, attackers often exfiltrate personal data, including email addresses, as it is useful for financial fraud. There is also a large market for their resale, meaning they really are the ‘gift’ that keeps on giving,” the report said.
While typically less damaging than ransomware, denial-of-service attacks remained the most common type of malicious attack, accounting for 46% of all incidents, followed by backdoors and command-and-control malware at 17%.
Human error remains the main threat vector
The primary way attackers gain access remains human error. The “human element” was involved in 82% of the breaches, the report said. Employees continue to fall victim to phishing emails and give up their credentials: four out of five attacks on web applications involved stolen credentials, the report said.
Misconfiguration errors by IT administrators, while less of a problem than in years past, also lead to successful system intrusion attacks.
Attacks using unpatched versions of Microsoft’s Remote Desktop Protocol were also very popular. This vector was responsible for 40% of successful ransomware attacks.
At 56% and 28% respectively, web application and email servers are the two assets most targeted by hackers. Although the number doubled from last year, vulnerabilities in software accounted for only 7% of breaches in 2021. 80% of web-facing server breaches involved stolen credentials.
“Unfortunately, if you can access the assets directly over the internet by simply entering the credentials, so can the criminals,” the report said.