Over 2.9 billion data records were leaked online globally in 2017, a drop of 25% from 4 billion records breached in 2016, according to a report from IBM Security.
The report, IBM X-Force Threat Intelligence Index 2018, however revealed that cybercriminals shifted their focus on ransomware attacks and other destructive attacks, where they demanded ransom from the victims by locking or destroying data.
“Last year, there was a clear focus by criminals to lock or delete data, not just steal it, through ransomware attacks. These attacks are not quantified by records breached, but have proven to be just as, if not more, costly to organizations than a traditional data breach,” said Wendi Whitmore, Global Lead, IBM X-Force Incident Response and Intelligence Services (IRIS). “The ability to anticipate these attacks and be prepared will be critical as cybercriminals will continue to evolve their tactics to what proves most lucrative.”
- Over $8 billion paid as ransom in 2017
Ransomware attacks like WannaCry, NotPetya, and Bad Rabbit grabbed the headlines in 2017, bringing enormous number of organizations to a halt. These cyberattacks infected and locked the systems and infrastructure in many industries including healthcare, transportation, and logistics.
The attackers locked the critical data through ransomware attacks, and demanded a huge sum of money from organizations, rather than leaking it online. As per the report, an amount of more than $8 billion was paid as ransom to the cybercriminals in 2017.
Longer the companies took to respond to the attack, the more it costed. According to another IBM Security study last year, a slow response can impact the cost of an attack, as the incidents that took longer than 30 days to contain, costed $1 million more than the incidents than those contained within 30 days.
- Human error and misconfigured cloud servers responsible for data breaches
Human error and mistakes in infrastructure configurations like misconfigured cloud infrastructure, were responsible for around 70% of the compromised records.
According to the report, cybercriminals were aware of the existence of the misconfigured cloud servers, because of the mistakes by employees. Hence, the number of records breached through misconfigured cloud servers rose to 424% in 2017.
- Millions of phishing attacks
A lot of organizations were attacked through phishing attacks. The attackers launched spam campaigns and sent links and attachments that contained malicious code. When the links were clicked or the attachments were opened, the malicious code attacked the system.
In some instances, the cybercriminals relied on Necurs botnet, and distributed millions of spam messages within a few days. For example, IBM X-Force observed four separate Necurs campaigns that spanned more than 22 million emails, within two days in August 2017.
- Drop in cyberattacks against Financial Services industry, but rise in banking Trojan
Information & Communication Technology and Manufacturing industries were the most attacked industries in 2017, accounting for 33% and 27% of the attacks, respectively.
Financial Services, the most targeted industry by cybercriminals for last few years, was the third-most attacked industry (17%) in 2017. However, it still faced the highest volume of security incidents (27%), for the second consecutive year.
The drop in the number of attacks on Financial Services organizations was because of the heavy investment in cybersecurity technologies by the industry. However, the cybercriminals started targeting the customers and end-users across the industry, using banking Trojans.
The banking Trojan is a malicious program used to gain confidential information about customers and clients using online banking and payment systems. In 2017, the Gozi banking Trojan and its variants were the most used malware against finance industry.