The percentage of global companies reporting financially motivated cyber-attacks has doubled over the past two years, with 50 percent of surveyed companies citing ransom as the leading motivation for attacks, ahead of others including insider threats, hacktivism and competition, according to a report by Radware, a Mahwah, N.J.-based cybersecurity solutions provider.
Radware’s 2017-2018 Global Application and Network Security Report found that as the value of bitcoin and other cryptocurrencies – often the preferred form of payment among hackers – has appreciated, ransom attacks provide an opportunity for hackers to cash out for lucrative gains months later.
According to the report, the top driver of cyber-attacks is now cyber-crime. Attackers are motivated by financial gain and driven by the prosperity of cryptocurrencies. Meanwhile, attacks are becoming more targeted. A determined enemy will take the time to learn the target by investing in reconnaissance, social engineering and specific tools.
Malware and bots and socially engineered threats emerged as the most common attack vectors, the report states.
The Radware report is a cross-industry report compiled by Radware’s Emergency Response Team (ERT), leveraging vendor-neutral survey data from 605 IT executives spanning several industries around the globe, including healthcare.
The number of companies that reported ransomware attacks, in which hackers use malware to encrypt data, systems, and networks until a ransom is paid, surged in the past year. Globally, 42 percent of companies experienced ransomware attacks, a 40 percent increase from the 2016 survey. Companies don’t expect this threat to go away in 2018 either. One in four executives (26 percent) see ransom as the largest threat to their business sector in the coming year.
“The rapid adoption of cryptocurrencies and their subsequent rise in price has presented hackers with a clear upside that goes beyond cryptocurrencies’ anonymity,” Carl Herberger, vice president of security solutions at Radware, said in a statement. “Paying a hacker in these situations not only incentivizes further attacks, but it provides criminals with the vital funds they need to continue their operations.”
Massive global cyber-attacks in 2017 succeeded simply because of unpatched vulnerabilities, and that represents a small and common human mistake with devastating impacts, the report states. Machine learning and AI-based solutions might seem like the logical solution. The report found that 20 percent of organizations already rely on such solutions and another 28 percent plan to implement them in 2018. "But these solutions aren’t fail-proof. Just consider the risks of AI poisoning, automated systems being thwarted and how such systems can go awry (e.g., Microsoft Tay and Facebook’s chatbots)," the report states.
Other key findings of the report include:
- Businesses are most concerned with their data when hit with a cyber-attack. Respondents noted that data leakage was their top business concern, followed by reputation loss and service outages.
- Despite one in four (24 percent) businesses reporting cyber-attacks daily or weekly, nearly 80 percent of surveyed organizations have not come up with a calculation for the cost of attacks, and one in three lack a cyber security emergency response plan.
- Respondents are not quite sure who is responsible for internet-of-things (IoT) security. When asked who needs to take responsibility for IoT security, there was no clear consensus among security executives. Responses pinned responsibility on the organization managing the network (35 percent of responses), the manufacturer (34 percent), and even consumers using these devices (21 percent).
- The prevalence of Distributed Denial-of-Service (DDoS) attacks grew 10 percent, hitting nearly two in five businesses. One in six suffered an attack by an IoT botnet and 68 percent of attacks resulted in a service degradation or complete outage. Both carry associated costs. 2017 also brought an increase in application-layer vs. network-layer attacks.
- Eighty percent of organizations aren’t calculating the cost of cyber-attacks. One in three still lack an emergency response plan even though cyber-attacks are becoming a near-daily fact of life. Alarmingly, following one in four attacks, a customer will leave or sue the attacked organization.
- Blockchain is a hot technology topic, yet 36 percent of respondents admit they don’t understand its mechanism. Only 10 percent think blockchain will improve information security.