The use of ransomware to extort money increased 13% in 2021 compared to 2020, according to the Verizon 2022 Data Breach Investigations Report, now in its 15th year.
That 13% represents a greater increase in the deployment of ransomware than the last five years combined. This year’s report examined 23,896 incidents that resulted in 5,212 confirmed data breaches.
SEE: Mobile device security policy (TechRepublic Premium)
A ransomware attack occurs when a hacker, usually an organized crime ring or a nation state, infiltrates an organization’s network. Once inside, the hacker encrypts the organization’s production and backup data so it can not be used. To get the decryption keys, regain access to their data and restart their operations, the victim is charged a ransom, usually in the form of bitcoin. This is a form of extortion.
Why cybercriminals prefer ransomware attacks
The main reason for the massive increase in the deployment of ransomware over other types of malware today is profitability, said Alex Pinto, senior manager for security research at Verizon and one of the report’s authors.
If a cyber criminal steals credit card data or trade secrets, they have to find a buyer. That involves work. It is much easier and faster to profit from the crime if the buyer is also the victim. Because of this, Pinto believes ransomware will remain the main form of malware for years to come.
Cyber criminals also are targeting smaller organizations, since they may not have the cyber defenses, personnel or other resources to either block an attack or recover easily when one happens, Pinto said.
“With regard to breaches, attackers are frequently exfiltrating personal data, including email addresses, since it is useful for financial fraud. There is also a large market for their resale, which means they are truly the ‘gift’ that keeps on giving,” the report said.
Although typically less damaging than ransomware, denial of service attacks remained the top type of malicious attack, representing 46% of all incidents, followed by backdoors and command and control malware at 17%.
Human error remains the main ransomware threat vector
The main way attackers are obtaining access remains human error. The “human element” was involved in 82% of breaches, the report said. Employees are still falling victim to phishing emails and giving up their credentials: Four out of five web application attacks involved stolen credentials, the report said.
SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)
Misconfiguration errors by IT admins, while less of a problem than in years past, also lead to successful system intrusion attacks.
Attacks exploiting unpatched versions of Microsoft’s remote desktop protocol were also very popular. This vector accounted for 40% of successful ransomware attacks.
At 56% and 28% respectively, web application and email servers are two most commonly targeted assets by hackers. Although double last year’s numbers, software vulnerabilities only accounted for 7% of breaches in 2021. 80% of web-facing server breaches involved stolen credentials.
“Unfortunately, if you can access the asset directly over the internet simply by entering the credentials, so can the criminals,” the report said.