Ransomware supplanting data theft

The number of records breached in 2017 fell by nearly 25% last year to 2.9 billion as cybercriminals shifted focus to ransomware attacks, according to the latest IBM X-Force Threat Intelligence Index.

By contrast, ransomware and destructive attacks (threatening to destroy data unless the victim pays a ransom) wreaked havoc in 2017, costing organisations worldwide more than US$8 billion ($10.4 billion).

The ICT sector was the most heavily targeted industry in 2017, accounting for 33% of all attacks. This was followed by manufacturing (18%) and financial services (17%). But the financial services industry suffered the highest volume of security incidents requiring further investigation (27%) for the second year in a row.

Cybercriminals targeting the financial sector are increasingly focused on leveraging banking Trojans targeting consumers as the financial services organisations themselves improve their security posture.

In 2017, the Gozi banking Trojan and variants were the most commonly used malware against the industry in 2017, the report states. The increased use of Gozi also highlights how organised crime is overtaking all other attackers in the financial malware-facilitated fraud scene.

“The trends in Australia are in line with what we are seeing around the world. Globally we saw a 424% increase in records breached through misconfigurations in cloud servers,” IBM Security IRIS for Asia-Pacific Pelin Nancarrow said.

“But there are steps organisations in Australia can take to mitigate cloud configuration risks [such as conducting] a proper risk assessment on the cloud deployment you or your organisation uses so you can first understand where, or if, there are risks that need attention.”

Organisations should also apply data confidentiality controls such as encryption and ensure that their security policies are embedded into contracts signed with cloud providers.

Image credit: ©iStockphoto.com

Follow us and share on Twitter and Facebook