
Cisco report reveals ransomware attacks on the rise: Expert commentary

03 Aug 2016

The Cisco 2016 Midyear Cybersecurity Report (MCR) was recently released, with some startling findings – organisations are unprepared for future strains of more sophisticated ransomware.

According to the report, the main contributing factors are fragile infrastructure, poor network hygiene and slow detection rates, which are all providing ample time and air cover for cybercriminals to operate. The biggest challenge facing businesses is the struggle to constrain the operational space of attackers, which is threatening the underlying foundation required for digital transformation.

Other key findings include cybercriminals expanding their focus to server-side attacks, ever-changing and evolving methods of attack and the increasing use of encryption to mask activity. What’s more, thus far in 2016 ransomware has become the most profitable malware type in history. Perhaps one of the more concerning revelations is that visibility across the network and endpoints remains a challenge, as on average, organisations take up to 200 days to identify new threats.

Webroot Director of Threat Research, David Kennerly, says ransomware is undoubtedly one of the biggest threats facing organisations today. He quotes statistics from the Webroot 2016 Threat Brief, which reveal that 97 percent of malware morphs to become unique to a specific endpoint.

“Part of the problem is the rate at which polymorphic malware is developing, resulting in thousands of new strands each month,” Kennerly says. “Unfortunately, protecting against ransomware is currently a question of economics. It is often cheaper to pay the ransom to get the data back than the costs of regular back-ups and running the technologies to defend.”

So what can we do?

Recently, the NASCAR team Circle Sport-Leavine Family Racing (CSLFR) were the victims of a ransomware attack and they ended up paying (via Bitcoin) to get their data back.

Kennerly says no matter how tempting it may be, companies should never concede to the criminal and pay the ransom, as it not only fuels the ransomware economy but there is also no guarantee that the data will be returned.

“There have been instances of malware claiming to encrypt the data, but instead it has been deleted so paying the ransom still did not result in the data’s return. Ransomware is a very real threat and organisations and individuals need to ensure that firstly, adequate defences are in place, and secondly, valuable data is backed up so systems can be restored if need be,” Kennerly concludes.
