Filed Under:Risk Management, Cybersecurity

Cyberattacks involving extortion are on the up, Verizon says

Criminals have increasingly shifted from going after individual consumers to attacking vulnerable organizations and businesses. (Photo: iStock)
Criminals have increasingly shifted from going after individual consumers to attacking vulnerable organizations and businesses. (Photo: iStock)

(Bloomberg) -- Cyberattacks involving ransomware — in which criminals use malicious software to encrypt a users’ data and then extort money to unencrypt it — increased 50 percent in 2016, according to a report from Verizon Communications Inc.

And criminals increasingly shifted from going after individual consumers to attacking vulnerable organizations and businesses, the report said. Government organizations were the most frequent target of these ransomware attacks, followed by health-care businesses and financial services, according to data from security company McAfee Inc., which partnered with Verizon on the report published Thursday.

Instances of ransomware attacks have grown along with the market for bitcoin, the digital currency that is most commonly how cybercriminals demand ransoms be paid because of its anonymity.

Malware raids with phishing email

While overall most malware was delivered through infected websites, increasingly criminals were turning to phishing — using fraudulent emails designed to get a user to download attachments or click on links to websites that are infected with malware — to carry out attacks. A fifth of all malware raids began with a phishing email in 2016, while fewer than 1 in 10 did the year before, according to the report.

"These emails are often targeted at specific job functions, such as HR and accounting — whose employees are most likely to open attachments or click on links — or even specific individuals," the report said.

Verizon is currently in the process of acquiring Yahoo! Inc.’s internet properties at a $350 million discount after revelations of security breaches at the web company. Yahoo said in December that thieves in 2013 stole information from 500 million customer accounts, from email addresses to scrambled account passwords. Such a data cache may allow criminals to go after more sensitive personal information elsewhere online.

Criminal gangs

Whereas in the past most ransomware simply encrypted the data on the device where it was first opened, Marc Spitler, a Verizon security researcher, said criminal gangs were increasingly using more sophisticated hacking techniques, seeking out business critical systems and encrypting entire data servers. "There is increased sophisticated surveillance and targeting of organizations to maximize profit," he said in an interview.

Criminal gangs were behind the majority of all cybersecurity breaches, Verizon said, with financial services firms the most common victims, accounting for about a quarter of all attacks.

Espionage also on the rise

But espionage — whether that was by foreign governments or unknown entities — was on the rise, Verizon said, accounting for 21 percent of all breaches in 2016 up from less than 10 percent in 2010. Besides governments, manufacturing firms were the most likely to be targeted in espionage-motivated attacks, the report said. There has also been a surge in espionage-related breaches targeting universities and other educational institutions, spiking from almost none in 2012 to more than 20 percent last year, it said.

Related: 3 wise cybersecurity solutions for 2017

The Verizon report, which is published annually, draws on the company’s own data from breaches its security consultants have responded to and data contributed by 65 partner organizations, including the U.S. Secret Service. NTT Security, a unit of Japan’s Nippon Telegraph and Telephone Corp., released a report earlier this week that showed results similar to Verizon’s findings.

Copyright 2017 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.


No business is totally safe from cyber attacks

Hackers are not the only threat. Many data breaches involve the download of malicious codes and viruses. Here are two...

Featured Video

Most Recent Videos

Video Library ››

Top Story

5 insurance advisor marketing mistakes to avoid

The right marketing tactics can help insurance agents and brokers reach their goals.

Top Story

Fire prevention: 5 potential fire risks in your home

Can you identify fire hazards hiding in your home? Learn about potential fire risks and how to protect your home from flames.

More Resources


eNewsletter Sign Up

PropertyCasualty360 Daily eNews

Get P&C insurance news to stay ahead of the competition in one concise format - FREE. Sign Up Now!

Mobile Phone

Advertisement. Closing in 15 seconds.