In Verizon’s latest edition of its annual Data Breach Investigations Report, the telecom firm said cyberespionage and ransomware attacks are increasing while criminals continue to rely on proven methods in their attacks such as phishing and malware along with newer tactics such as pretexting.
With cyberespionage, Suzanne Widup, senior analyst at Verizon Enterprise Solutions, told WWD that the manufacturing sector in particular has been a key target of criminals, “but we’re seeing it across the board, and it is an attack that works well, and starts with phishing,” she said.
Widup said criminals are seeking out corporate and trade secrets that they can use and exploit. Manufacturing firms, technology companies and advanced manufacturing organizations are the primary targets. “Much of this is due to the high proliferation of propriety research, prototypes and confidential personal data, which are hot-ticket items for cybercriminals,” researchers said in their report. “Nearly 2,000 breaches were analyzed in this year’s report, and more than 300 were espionage-related, many of which started life as phishing e-mails.”
In the retail industry, Widup said there are less point-of-sale attacks than what was seen last year.
With ransomware, Verizon said the number of attacks has increased 50 percent compared to last year. The data for this year’s report comes from 65 organizations that involved 42,068 incidents and 1,935 breaches in 84 countries. Researchers at Verizon said organized crime “escalated their use of ransomware to extort money from victims” and despite the increase and related media coverage of attacks, “many organizations still rely on out-of-date security solutions and aren’t investing in security precautions. In essence, they’re opting to pay a ransom demand rather than to invest in security services that could mitigate against a cyberattack.”
George Fischer, president of Verizon Enterprise Solutions, said his firm’s data is “giving governments and organizations the information they need to anticipate cyberattacks and more effectively mitigate cyber-risk. By analyzing data from our own security team and that of other leading security practitioners from around the world, we’re able to offer valuable intelligence that can be used to transform an organization’s risk profile.”
Specific findings of the report found that malware represents 51 percent of data breaches analyzed. And phishing continues to serve criminals as a “go-to” tactic. “In the 2016 [the data breach report], Verizon flagged the growing use of phishing techniques linked to software installation on a user’s device. In this year’s report, 95 percent of phishing attacks follow this process. Forty-three percent of data breaches utilized phishing, and the method is used in both cyber-espionage and financially motivated attacks.”
Verizon said pretexting is increasing. This year’s report showed that pretexting “is predominantly targeted at financial department employees – the ones who hold the keys to money transfers. E-mail was the top communication vector, accounting for 88 percent of financial pretexting incidents, with phone communications in second place with just under 10 percent.”
Bryan Sartin, executive director of global security services at Verizon Enterprise Solutions, said that “cyber-attacks targeting the human factor are still a major issue. Cybercriminals concentrate on four key drivers of human behavior to encourage individuals to disclose information: eagerness, distraction, curiosity and uncertainty. And as our report shows, it is working, with a significant increase in both phishing and pretexting this year.”
For more business news from WWD, see: