Radware finds that hackers and companies agree on one thing: Data is lucrative, as ransom attacks top the list.
Radware’s Global Application and Network Security Report 2016-2017 reveals that 49 per cent of European businesses confirmed cyber ransom attacks is the #1 attack motivation in 2016, an increase of nearly 100 per cent from the 25 per cent recorded in 2015.
What’s more, 25 per cent of European IT professionals say they are worried about a full or partial outage from cyber-attacks, 23 per cent say data leakage or loss was their key cyber security concern, 18 per cent say reputation loss, 7 per cent are concerned with service degradation and 6 per cent fear customer or partner loss.
Despite this rise, the study reveals that less than half of European businesses interviewed claim to be well prepared to fight ransom attacks with 44 per cent have no cyber security emergency response plan in place. Additionally, 77 per cent say they didn’t have cyber-insurance for their business and only 5 per cent keep bitcoins on hand for ransoms.
Ransom attacks top the list
The full report identifies 2016’s major attack trends, outlines industry preparedness, and gives insider views. The biggest findings include 49 per cent of European respondents report that ransom was the top motivation behind cyber-attacks they had experienced in 2016, followed by competition (30 per cent), political hacktivism (27 per cent), and insider threats (20 per cent).
Half of all organisations surveyed globally experience a malware or botnet attack in the past year, and 55 per cent say that IoT complicates their detection or mitigation requirements as it increases the surface of the attack landscape making it harder to defend.
Global respondents feel least prepared to defend against Advanced Persistent Threats (43 per cent).
Massive DDoS attacks made headlines in 2016. These big attacks can do a lot of damage: Globally, 35 per cent report impact to their servers, 25 per cent claim damage to their internet pipe, and 23 per cent say large-scale attacks caused the failure of their firewall.
More than 76 per cent of European DDoS attacks reported by organisations were under 1 Gbps.
‘The message from our report couldn’t be clearer: Money is the top motivator in the threat landscape today,’ says Pascal Geenens, Radware’s EMEA Security Evangelist.
‘Attackers have expanded their skill set and are leveraging new tools in their attempts to access lucrative data. Whether it is a ransom attack to lock a company’s data, a DDoS smokescreen to facilitate information theft or a brute force attack to attempt to gain direct access to internal data, attackers have shown that unprepared businesses will be easy targets.’
Greenens adds, ‘We expect these attacks to continue to gain momentum as the Darknet becomes mainstream and offers relatively easy and affordable access to powerful tools and hacking services that can wreak havoc on businesses.
‘The scope of attacks available will also grow due to the huge increase in unsecure IoT connected devices that reside in our homes, offices, and even on our person. Our report shows that most organisations are still not prepared to fend off many of the more sophisticated attacks or deal with ransom attacks.’
With the code for the Mirai IoT Botnet now available to the public, novice and sophisticated hackers are already adjusting and ‘improving’ the code’s capabilities, tailoring it to meet their own cyber objectives.
In 2017, exponentially more devices are expected to become targeted and enslaved into IoT botnets. IoT device manufacturers will have to face the issue of securing their devices before they are brought to market, as botnet attacks from these devices can generate large-scale attacks that easily exceed 1 Tbps.
Cyber ransom
The fastest-growing motive and technique in cyber-attacks, as most phishing attempts now deliver ransomware. Today, threat actors focus their ransom attacks to target phones, laptops, company computers, and other devices that are a daily necessity. In the future, they may target lifesaving healthcare devices like defibrillators.
Rise of Permanent Denial of Service (PDoS) for Data Centre and IoT Operations
Also known loosely as ‘phlashing’, PDoS is an attack that damages a system so badly that it requires replacement or reinstallation of the hardware itself. While these attacks have been around for a long time, they only appear sporadically. However, they can do a tremendous amount of damage. Radware anticipates that more threat actors will target the destruction of devices via PDoS attacks in the coming year.
Telephony DoS (TDoS)
This is expected to rise in sophistication and importance, catching many by surprise. Cutting off communications during crisis periods, such as terror attacks, could impede first responders’ situational awareness, exacerbate suffering and pain, and potentially increase loss of life.
Public transportation held hostage
From trains and planes to buses and automobiles, entire systems of transportation are becoming self-guided. This automation is meant to provide increased safety, improved reliability, and higher efficiencies. Most of this critical infrastructure may be vulnerable to threat actors looking to hijack public transportation or lock the system down with ransomware.
‘The intent of today’s threat actor is to develop the best tools possible to either disable an organisation or steal its data,’ says Geenens.
‘While businesses focus on delivering the highest value to their customers, they will also have to stay vigilant and ensure they are able to meet the security challenges they will likely face. Security must be woven into the customer experience for a company to truly succeed. Without this change in thinking, organisations will remain vulnerable.’
Radware’s Emergency Response Team (ERT), which actively monitors and mitigates attacks in real-time, creates this annual report for use by the security community. The ERT team compiles this report using a combination of data from a vendor-neutral survey of organisations, Radware’s in-the-trenches experience fighting cyber-attacks, as well as the perspective of third-party service providers. The goal of this report is to provide the industry with insights and best practices to help prepare for 2017’s security landscape.