Beazley, a specialist insurance group, has released its quarterly Breach Insight Report for Q3 2018. The report covers the attacks managed by Beazley Breach Response Services, which deals with the aftermath of an attack, including the investigation and the breach response. One of the most prominent findings of the report is the huge rise in the number of ransomware incidents compared with previous months.
Q3 saw a total of around 80 ransomware attacks on their clients. September was a particularly bad month, during which almost 45 of the attacks took place. The breach report notes that until September, the number of ransomware attacks was in line with the figures seen in 2017. It is unknown why there was a huge spike in September, or whether this trend will continue.
The report also detailed how different industries were targeted by attacks. The healthcare industry was the most targeted, falling victim to 37% of ransomware attacks. This is more than three times the number of attacks targeted at the professional services industry, which came in second place with 11%.
According to the report, malware attacks (which include ransomware attacks) were responsible for 47% of breaches in Q3 2018. The next most common cause of a breach was accidental disclosure (20%), followed by insider (10%), social engineering (8%), portable device (6%), and the physical loss of non-electronic records (5%). Payment card fraud only accounted for 1% of the attacks, and the remaining 3% had unknown causes.
The report highlights a growing trend in cyberattacks involving multiple malware variants. A case study in the report concerns one particular banking Trojan, Emotet. Banking Trojans are malware used to obtain the sensitive information of customers using online banking systems, and they pose a major threat to security as the malware grows increasingly complex.
Emotet is often spread through phishing attacks and is used to steal bank credentials. Once installed, it has the capability to download further malicious payloads. When the credentials have been obtained, a ransomware payload is downloaded and executed. This strategy is becoming increasingly common and poses a serious threat to those who do not have robust security systems. The ransom demands can be considerable. One group demanded a $2.8 million ransom after an extensive infection that included the encryption of backups.
The Beazley report quotes Winston Krone, the global managing director of Kivu Consulting, who describes “a sharp increase in ‘bad’ ransomware strains – where the malware carries out the encryption but has poor functionality, fatally corrupts substantial portions of the victim’s data, fails to decrypt properly after payment of a ransom, or is favored by volatile, unskilled attackers who are unable to troubleshoot decryption issues.”
Therefore, even if the ransom is paid, the organisation faces huge data losses and irreversible damage to their files. These unsophisticated attacks are becoming more common, but there is still some way to go in developing systems which can prevent this sort of damage.
The increasing prevalence of malware and ransomware attacks highlights the importance of regular data backups and security audits. As malware is often delivered to a system through phishing attacks, employee training courses should be run on how to spot suspicious emails and avoid falling victim to a scam. Security audits should include the development of a thorough first-response program in the event that a breach is discovered.
The report found that large organisations account for only 29% of the ransomware incidents. Although large organisations may be lucrative targets (they would have the funds available to pay a larger ransom), they also often have better security systems in place and have more resources to devote to the immediate aftermath of an attack. Furthermore, larger organisations are more likely to have their own backups in a secure location, and therefore would not need to pay the ransom in order to return to full functionality.
Small and medium businesses are much easier targets for attackers. They don’t have access to the resources that larger organisations do, and are less likely to have a good backup policy. Although attackers would have to ask for a smaller ransom, they are more likely to receive it.
With regard to the healthcare industry, ransomware and hacking incidents have been at the forefront of the public consciousness. However, the Breach Insights report shows that accidental disclosures are the leading type of breach in the healthcare industry, accounting for 32% of all data breaches in Q3. Hacking/malware incidents account for 30%, which is 10 percentage points higher than Q3 2017. These were followed by breaches caused by insiders (17%), the loss of physical records (9%), and the loss of portable electronic devices (6%).
Although the hacking/malware figures are only just catching up with the accidental disclosure incidents, the former type of breach tends to expose a much greater amount of protected health information (PHI), due to potentially thousands, even millions, of files being compromised in each attack. Accidental disclosures may happen more frequently, but only affect a relatively small number of individuals each time.