Hackers and cyber criminals are becoming more sophisticated in their attack techniques. With that greater sophistication and complexity, they are getting their hands on highly critical and sensitive data from almost every kind of institution around the world. According to a report by Risk Based Security (RBS), a Richmond, Virginia-based company that keeps an eye on data breaches, there have been 2,227 publicly disclosed data compromise events through June 30, affecting business, government, medical and educational data and allowing hackers to steal 6 billion records.
According to Executive Vice President for Risk Based Security Inga Goddijn, “It is stunning to see the steady increase in the number of breaches impacting one million or more records. In the first six months of 2013, 2014 and 2015, the number of these large breaches hovered in the mid-teens. Last year we saw that number jump to 28, and now, for the first six months of this year, we’re tracking 50 such incidents.”
The report further states that hackers are increasingly using phishing techniques against citizens to steal employment and tax-related data. In 2016, around 160 phishing attacks were responsible for stealing employees' tax and salary information. Things have gotten worse in the first six months of 2017, with a 25% increase in these attacks.
“The breach activity we are tracking this year is a stark reminder of just how many data compromise incidents are motivated by financial gain. As long as information can be quickly monetized and systems remain vulnerable to attack, we should not expect to see any slowdown in breach activity,” said Goddijn.
It is a fact that there has been a sudden surge in ransomware attacks against unsuspecting users, educational institutions, government bodies, businesses, medical centers, and hospitals. The WannaCry ransomware and the Petya wiper malware attack are the best examples of the increasing ransomware campaigns.
A separate study conducted by researchers from the University of California San Diego, the New York University Tandon School of Engineering, Chainalysis, and Google found that malware can be a highly profitable business. Ransomware, the malicious software that encrypts victims’ data and demands a pay-off in order to unlock it, has made more than $25 million over the last two years.
According to the findings, researchers at Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering investigated 34 different types of malware, tracking payments on the blockchain (the public, decentralised ledger of bitcoin transactions) to try to analyse the scale of ransomware and the amount of money its peddlers are making from victims.
They reportedly found that people were forced to pay at least $25 million in an attempt to get their data back, with some types of ransomware proving more lucrative than others. For example, the operators of Locky first focused on building the malware and support infrastructure. They then had other botnets, which were much better at that end of the business, spread and distribute the malware, the report stated.
Ransomware made global headlines earlier in 2017 due to the “WannaCry” attack, which exploited vulnerabilities developed by the NSA to spread across the world, crippling hospitals, telecoms firms, logistics companies and more across at least 150 countries. One popular method is “ransomware-as-a-service,” in which criminal organizations rent out to other criminals the ransomware programs and the support system needed to get paid, charging a cut of the profits for the service, according to a 2017 Verizon report on data breaches.
As long as people continue to pay up, ransomware will continue to be profitable and won’t stop any time soon, the researchers concluded.