There has been a decline in ransomware infections, but that does not mean that earned revenue has reduced for cyber-criminals.
According to the third instalment of the Check Point 2019 Security Report, threat actors are increasingly targeting public cloud and mobile deployments as they are determined to be the weakest and least protected points in an organization’s IT infrastructure. The research found that 18% of organizations globally had a cloud security incident in the past year; the most common incidents were data leaks/breaches, account hijacks and malware infections.
Also, 30% of IT professionals still think security is the responsibility of the cloud service provider.
Speaking at the launch of the report at the Check Point Experience conference in Vienna, Maya Horowitz, director of threat intelligence and research at Check Point, said that the first part of the research highlighted the rise of email-based attacks over web-based, and this was because of the reduction of exploitable vulnerabilities and more use of exploit kits.
Orli Gan, head of products and threat prevention at Check Point, added that 98% of attacks are aiming to earn money and cryptocurrency. “This is the first thing attackers go for and we expect this not to change going forward,” she said.
Gan also stated that ransomware revenue has stayed at the same level, and rather than sending mass emails campaigns, attackers in 2018 were targeting businesses as they were more likely to pay and the ransom request was dramatically higher.
Speaking to Infosecurity, Yaniv Balmas, group manager of security research at Check Point, said that we are seeing several cases of ransomware attacks on specific targets. “I wouldn’t say this is affecting all ransomware, but maybe two to three big families are doing this, but there is some shift in the trend happening now,” he said.
“Ransomware took us a bit of time to adjust to, and there are very good technologies which can practically prevent these sort of attacks, but perhaps the guys behind this ransomware are opportunistic and trying to make as much money as they can.”
Asked if he felt that there was more use of banking trojans with ransomware declining, as detected in recent research by Proofpoint, Balmas said that there had been a lot of change in the way banking trojans worked in the last five years, as today “they are doing everything: stealing credentials, injecting into your browser, but they are mainly delivering other malware.” He speculated that banking trojans may be a sideway to make some money, but they are more of a distribution network.
Infosecurity’s Online Summit will take place on March 26-27, with live sessions including “The Death of Ransomware: Long Live Other Malware” and “The Persistence of Legacy Systems.” Registration is now open, and CPE credits are offered for the 14 sessions across the two days.