Ransom cyber attacks double in Europe

Radware has found that hackers and companies agree on one thing: Data is lucrative.

  • Wednesday, 11th January 2017 Posted 7 years ago in by Phil Alsop
Radware’s Global Application and Network Security Report 2016-2017 revealed that 49% of European businesses confirmed cyber-ransom was the #1 attack motivation in 2016, an increase of nearly 100% from the 25% recorded in 2015. What’s more, 25% of European IT professionals surveyed said they were worried about a full or partial outage from cyber-attacks, 23% said data leakage or loss was their key cyber security concern, 18% said reputation loss, 7% were concerned with service degradation and 6% feared customer or partner loss.
Despite this rise, the study revealed that less than half of European businesses interviewed claimed to be well prepared to fight ransom attacks with 44% having no cyber security emergency response plan in place. Additionally, 77% said they didn’t have cyber-insurance for their business and only 5% keep bitcoins on hand for ransoms.
The full report identifies 2016’s major attack trends, outlines industry preparedness, and gives insider views. The biggest findings included:
  • 49% of European respondents reported that ransom was the top motivation behind cyber-attacks they had experienced in 2016, followed by competition (30%), political hacktivism (27%), and insider threats (20%).
  • Half of all organisations surveyed globally had experienced a malware or botnet attack in the past year, and 55% said that IoT complicates their detection or mitigation requirements as it increases the surface of the attack landscape making it harder to defend.
  • Global respondents felt least prepared to defend against Advanced Persistent Threats (43%)
  • Massive DDoS attacks made headlines in 2016. These big attacks can do a lot of damage: Globally, 35% reported impact to their servers, 25% claimed damage to their internet pipe, and 23% said large-scale attacks caused the failure of their firewall.
  • More than 76% of European DDoS attacks reported by organizations were under 1 Gbps.
“The message from our report couldn’t be clearer: Money is the top motivator in the threat landscape today,” said Pascal Geenens, Radware’s EMEA Security Evangelist. “Attackers have expanded their skillset and are leveraging new tools in their attempts to access lucrative data. Whether it is a ransom attack to lock a company’s data, a DDoS smokescreen to facilitate information theft or a brute force attack to attempt to gain direct access to internal data, attackers have shown that unprepared businesses will be easy targets.
“We expect these attacks to continue to gain momentum as the Darknet becomes mainstream and offers relatively easy and affordable access to powerful tools and hacking services that can wreak havoc on businesses. The scope of attacks available will also grow due to the huge increase in unsecure IoT connected devices that reside in our homes, offices, and even on our person. Our report shows that most organisations are still not prepared to fend off many of the more sophisticated attacks or deal with ransom attacks.”
Key trends for 2017 from the report include:
  • With the code for the Mirai IoT Botnet now available to the public, novice and sophisticated hackers are already adjusting and “improving” the code’s capabilities, tailoring it to meet their own cyber objectives. In 2017, exponentially more devices are expected to become targeted and enslaved into IoT botnets. IoT device manufacturers will have to face the issue of securing their devices before they are brought to market, as botnet attacks from these devices can generate large-scale attacks that easily exceed 1 Tbps. 
  • Cyber ransom is the fastest-growing motive and technique in cyber-attacks, as most phishing attempts now deliver ransomware. Today, threat actors focus their ransom attacks to target phones, laptops, company computers, and other devices that are a daily necessity. In the future, they may target lifesaving healthcare devices like defibrillators.
  • Rise of Permanent Denial of Service (PDoS) for Data Centre and IoT Operations: Also known loosely as “phlashing”, PDoS is an attack that damages a system so badly that it requires replacement or reinstallation of the hardware itself. While these attacks have been around for a long time, they only appear sporadically. However, they can do a tremendous amount of damage. Radware anticipates that more threat actors will target the destruction of devices via PDoS attacks in the coming year.
  • Telephony DoS (TDoS) is expected to rise in sophistication and importance, catching many by surprise. Cutting off communications during crisis periods, such as terror attacks, could impede first responders’ situational awareness, exacerbate suffering and pain, and potentially increase loss of life.
  • Public transportation held hostage. From trains and planes to buses and automobiles, entire systems of transportation are becoming self-guided. This automation is meant to provide increased safety, improved reliability, and higher efficiencies. Most of this critical infrastructure may be vulnerable to threat actors looking to hijack public transportation or lock the system down with ransomware. 
“The intent of today’s threat actor is to develop the best tools possible to either disable an organisation or steal its data,” said Geenens. “While businesses focus on delivering the highest value to their customers, they will also have to stay vigilant and ensure they are able to meet the security challenges they will likely face. Security must be woven into the customer experience for a company to truly succeed. Without this change in thinking, organisations will remain vulnerable.”
Radware’s Emergency Response Team (ERT), which actively monitors and mitigates attacks in real-time, creates this annual report for use by the security community. The ERT team compiles this report using a combination of data from a vendor-neutral survey of organisations, Radware’s in-the-trenches experience fighting cyber-attacks, as well as the perspective of third-party service providers. The goal of this report is to provide the industry with insights and best practices to help prepare for 2017’s security landscape.