Cyberattacks involving ransomware — in which criminals use malicious software to encrypt a users’ data and then extort money to unencrypt it — increased 50 percent in 2016, according to a report from Verizon.
And criminals increasingly shifted from going after individual consumers to attacking vulnerable organizations and businesses, the report said. Government organizations were the most frequent target of these ransomware attacks, followed by health-care businesses and financial services, according to data from security company McAfee, which partnered with Verizon on the report published on Thursday.
Instances of ransomware attacks have grown along with the market for bitcoin, the digital currency that is most commonly how cybercriminals demand ransoms be paid because of its anonymity.
While overall most malware was delivered through infected websites, increasingly criminals were turning to phishing — using fraudulent emails designed to get a user to download attachments or click on links to websites that are infected with malware — to carry out attacks. A fifth of all malware raids began with a phishing email in 2016, while fewer than 1 in 10 did the year before, according to the report.
“These emails are often targeted at specific job functions, such as HR and accounting — whose employees are most likely to open attachments or click on links — or even specific individuals,” the report said.
Verizon is currently in the process of acquiring Yahoo’s internet properties at a $350 million discount after revelations of security breaches at the web company. Yahoo said in December that thieves in 2013 stole information from 500 million customer accounts, from email addresses to scrambled account passwords. Such a data cache may allow criminals to go after more sensitive personal information elsewhere online.
Whereas in the past most ransomware simply encrypted the data on the device where it was first opened, Marc Spitler, a Verizon security researcher, said criminal gangs were increasingly using more sophisticated hacking techniques, seeking out business critical systems and encrypting entire data servers. “There is increased sophisticated surveillance and targeting of organizations to maximize profit,” he said in an interview.
Criminal gangs were behind the majority of all cybersecurity breaches, Verizon said, with financial services firms the most common victims, accounting for about a quarter of all attacks.
But espionage — whether that was by foreign governments or unknown entities — was on the rise, Verizon said, accounting for 21 percent of all breaches in 2016 up from less than 10 percent in 2010. Besides governments, manufacturing firms were the most likely to be targeted in espionage-motivated attacks, the report said. There has also been a surge in espionage-related breaches targeting universities and other educational institutions, spiking from almost none in 2012 to more than 20 percent last year, it said.
The Verizon report, which is published annually, draws on the company’s own data from breaches its security consultants have responded to and data contributed by 65 partner organizations, including the U.S. Secret Service. NTT Security, a unit of Japan’s Nippon Telegraph and Telephone Corp., released a report earlier this week that showed results similar to Verizon’s findings.