Dialing in Mayhem for Profit: More Targeted Attacks, Less Malware

You can count on three things these days: death, taxes and the ever-increasing, evolving nature of security threats. According to Positive Technologies’ latest “Cybersecurity Threatscape” report, cyber incidents were up 47 percent for the second quarter of 2018 over the second quarter of 2017. The Positive Technologies 1Q18 report pegged the increase in cyber incidents over 1Q17 at 32 percent. Although a succession of two numbers doesn’t make a trend (yet), it’s a significant increase.

Additional findings of the second quarter report:

Just over half of the cyber incidents tracked for the report were targeted attacks on companies and their clients, Positive’s researchers found. Although significantly reduced from the first quarter, malware continues to play a big role in initiating incidents. But cybercriminals also attempted to exploit zero-day vulnerabilities, used social engineering to steal administrator passwords and penetrated partner companies as a stepping stone to reaching their ultimate targets.

Data theft continued to account for an increasing share of total attacks. In today’s complex computing environments, where data is stored in many places, often in hybrid cloud systems, it can be exceedingly difficult to ensure that your data is safe. This makes for “easy pickings even for low-skilled hackers, who perform more and more attacks every day,” said Positive’s researchers. E-commerce websites, online ticketing systems and hotel booking sites were some of the types of systems compromised. Data was the objective in 40 percent of the cases reviewed for the report. For comparison, direct financial profit was the objective in about the same number of cases at 39 percent.

Positive Technologies forecasts that the security threats aimed at data theft will continue to increase. Medical and personal data are especially at risk, as are government, hospitality and healthcare organizations and consumers.

Cryptocurrency attacks played a big role in the increase of cyber incidents. In May and June alone, cybercriminals netted more than $100 million in cryptocurrency attacks. There were twice as many such attacks in 2Q18 as there were in 1Q18.

Some 44 percent of attacks were aimed at infrastructure. At 32 percent, attacks on web resources were up significantly over 2Q17’s 23 percent.

The use of malware dropped from 63 percent in 1Q18 to 49 percent in the second quarter. Credential compromises picked up the slack, with a 12 percent jump over the same period.

“One of the reasons for this dramatic growth [in the number of cyber incidents] is the development of dark web markets, where criminals sell ready-made malware and Trojans—for example, ransomware,” said Leigh-Anne Galloway, cybersecurity resilience lead, Positive Technologies. “Moreover, criminals provide malware technical support. The trend is that malware is becoming a full-fledged product and even low-qualified hackers can use it. The malware developers have realized that it’s more profitable and safer to develop viruses and Trojans and sell them than to perform attacks themselves.”

Protecting Against Security Threats

CISOs and CIOs: Every company should be actively practicing continuous improvement of the security of their systems and data. The indicators from the second quarter suggest some things that you might want to consider:

  • Is it time to strengthen passwords? Force your users to improve their credentials.
  • You’ve heard it before, but have you done it? Encrypt all your vulnerable data and any data your business needs.
  • If your organization has a complex environment, do you even know where all your data is? Make it your business to know or task someone with putting together that information.
  • Improve security awareness among clients and partners.
  • Do not delay installing patches; keep software up to date.
  • Does your security operations center use state-of-the-art software and services?

Scot Finnie

Scot Finnie is an award-winning business and technology journalist, reviewer, columnist, editor, and manager. He was the editor-in-chief of Computerworld for 10 years. He's been a Windows and macOS operating system expert for two decades. He torture-tested laptop PCs. He was ZDNet's first editor.
