Ransomware and Malware attacks decline in 2018, as cyber criminals increasingly look to exploit people online using methods such as Phishing and Cryptocurrency Mining
The world has never been more connected than it is today with figures showing that nine out of ten European households are online. But when everything is connected, everything can also be disrupted, with cyber criminals constantly looking for new illegal techniques to use the internet for their financial gain.
Cyber criminals use a variety of dirty tricks in their ongoing quest to disrupt the confidentiality, integrity or availability of data, and steal or extort money. While these online risks remain prevalent, Microsoft’s latest Security Intelligence Report has found that the fightback by cyber security professionals against these hackers is proving successful, as during 2018 there was a major decline in Ransomware and Malware attacks across the globe, with Ireland having some of the lowest rates globally.
This is a significant change from 2017, following a prolific series of attacks, including NotPetya, WannaCrypt, amongst others that targeted supply chains globally. Initial predictions were that these attacks would increase, however, improvements in cybersecurity measures and detection have impacted on the success rates of these attacks. In fact, there was a 60% drop in Ransomware attacks globally between March and December 2018. Malware attacks also saw a drop globally over 2018, with Ireland reporting the lowest monthly malware encounter rate of 1.26%.
Phishing and Cryptocurrency Mining are on the rise
While these figures are positive and show that we are moving in the right direction, the research also revealed that hackers are pivoting to more covert means, with an increased focus on exploiting users through social engineering methods like Phishing to gain access and exploit data.
Phishing rates have increased with cybercriminals also covertly using victims’ compromised computers for Cryptocurrency Mining.
While Cryptocurrency Mining is not a new phenomenon, there has been an increase in its prevalence globally over the last year. In 2018, the average worldwide monthly Cryptocurrency coin mining encounter rate was 0.12%, compared to just 0.05% for Ransomware.
Many factors have contributed to this increase. Cryptocurrency Mining does not require user input, it works in the background while the user is performing other tasks or is away from their computer and may not be noticed unless it sufficiently degrades the computer’s performance. Another driver is the availability of ‘off the shelf’ products for covert mining of many Cryptocurrencies, which cybercriminals repackage as malware to deliver to unsuspecting users’ computers.
While this threat has increased on a global level, Ireland again saw some of the lowest encounter rates of Cryptocurrency Mining at 0.02%.
Poor employee security habits are putting Irish organisations at risk
Another piece of research published by Microsoft recently on the cyber security habits of employees working at private and public sector organisations in Ireland, found that 54% of respondents within large organisations only receive cyber security training once a year. It also found that passwords are becoming easy to guess or steal, as two in five Irish employees recycle their work passwords, and 44% recycle their personal passwords.
Poor password hygiene and a lack of cyber security training will increase the success rate of cyber criminals over time. It will also increase the potential for serious security breaches and data loss, which could have major consequences for an organisation from both a financial and reputational standpoint.
Responding to, and recovering from, cyberattacks takes time and resources. Despite cyber initiatives and investments made by companies and governments, gaps remain, and threats continue to evolve. As part of its on-going efforts to drive better security for organisations, Microsoft invests $1bn each year in security, with 3,500 full-time security professionals working at Microsoft, it analyses more than 6.5 trillion signals daily, processes 630 billion authentications monthly and scans 470 billion e-mails for malware and phishing monthly. We are uniquely positioned to help our customers and security professionals manage these challenges and emerging security threats.
Solutions Director, Microsoft Ireland