Ransomware doubled last year, shifted focus to enterprise
6 January 2016 | 0
A majority of PCs in the workplace were struck by “at least one attempted malware infection” last year, cybersecurity company Kaspersky said in an overview of corporate threats observed throughout 2015 released last month.
Well over half, or 58%, of PCs were infected, representing a rise of more than 3% over 2014.
Meanwhile, CryptoLocker attacks doubled, Kaspersky says in its press release about the report. CryptoLocker attacks are when a trojan-infected PC user receives a ransom demand to decrypt files, stop a denial of service attack, or other onerous result if the ransom isn’t paid. And “cybercriminals don’t always honour the agreement once the ransom has been paid,” Kaspersky says.
Research continues to suggest that cybersecurity will be a big issue in 2016.
One in three “business computers were exposed at least once to an Internet-based attack” last year, Kaspersky estimated. And the enterprise is currently the focus of these assaults. Office-oriented applications were exploited “three times as often as in consumer attacks,” Kaspersky says in the release.
Not an accident
Unlike hacking of old, today’s hackers have been gathering intelligence on target companies.
“These attacks were found to be carefully planned, with cyber-attackers taking time to investigate a target company’s contacts and suppliers, and even the personal interests and browsing habits of individual employees,” according to the security outfit.
In other words, it is no longer just kids in bedrooms with a laptop and too much time on their hands.
USB sticks and other local threats, such as media devices, also increased last year. A 7% increase in the Android arena emerged as more hackers realised data was attainable off mobile devices as well as the traditional PC in the work environment.
The ransomware trojans, called CryptoLocker, were detected on over 50,000 machines in the corporate environment in 2015. That was twice the rate found in the previous year, and more than on consumers’ devices.
The reason for the enterprise-weighted targeting? It is probably because corporate powers are more likely to pay the ransom with no questions asked. Individuals could be more inclined to put up an argument — or just give up.
Banks, investment funds, and financial instrument handlers like exchanges were hit hard, Kaspersky says. It reckons one hacker group raked in $2.5 million (€2.33 million) to $10 million (€9.33 million) per successful attack.
It was not just traditional banks facing losses, though. Bitcoin was targeted heavily too, Kaspersky writes.
Kaspersky, as one might expect, reckons its products help. It says that over 11,000 attempts to infiltrate Point-of-Sale terminals in 2015 were blocked by Kaspersky products.
Seven “families of programs designed to steal data from PoS terminals” were brand new in 2015. The security outfit thinks that there are currently 10 “families” of programs hunting for access to the terminals.
Just like their corporate brethren, hackers have started to operate by hedging and diversifying.
The Chinese Advanced Persistent Threat (APT) is one that has “switched targets from companies involved in computer games to those in pharmaceuticals and telecommunications,” Kaspersky says.
APTs are stealthy and continuously exploiting processes run over a period of time.
The Winnti Group is also diversifying. It has gotten into pharmaceuticals.
Cat and mouse
Where is it all headed this year? Enterprises are now taking security more seriously. There are probably fewer IT employees who aren’t viewing it as a risk now. And that likely means law enforcement is catching on, too. So expect more nabs if the cat gets the mouse.
“We expect tougher safety standards from regulators, which could lead to more cybercriminals being arrested in 2016,” said Yury Namestnikov, senior security researcher at Kaspersky Labs.
Patrick Nelson, IDG News Service