Ransomware moved from nuisance to epidemic in 2016: IMB study

The year 2016 saw a 400% increase in spam year over year with roughly 44% of spam emails containing malicious attachments. Ransomware made up 85% of those malicious attachments in 2016, according to an IMB study titled: 2017 IBM X-Force Threat Intelligence Index. Ransomware is a malware spread through infected email attachments or programs that encrypts data and demands payment for a decryption key. Ransomware is technically inferior to other malware; operating ransomware demands much less knowledge and skill, which has attracted lower-level criminals to it in the past decade. “Cybercriminals continued to innovate in 2016 as we saw techniques like ransomware move from a nuisance to an epidemic,” said Caleb Barlow, Vice President of Threat Intelligence, IBM Security.
“While the volume of records compromised last year reached historic highs, we see this shift to unstructured data as a seminal moment. The value of structured data to cybercriminals is beginning to wane as the supply outstrips the demand. Unstructured data is big-game hunting for hackers and we expect to see them monetize it this year in new ways.”
The study comprises of observations from more than 8,000 monitored security clients in 100 countries and data derived from non-customer assets such as spam sensors and honeynets in 2016. IBM X-Force runs network traps around the world and monitors more than eight million spam and phishing attacks daily while analyzing more than 37 billion web pages and images. IBM Security found 70 percent of businesses impacted by ransomware paid over $10,000 to regain access to business data and systems. In February, last year, a California hospital paid a ransom of 40 Bitcoins (approximately USD17,000 at the time) to unlock encrypted files. In the first three months of 2016, the FBI estimated cybercriminals were paid a reported $209 million via ransomware. This would put criminals on pace to make nearly $1 billion from their use of the malware just last year.

Records compromised grew a historic 566% in 2016

In all, which includes other data breaches including ransomware, the IMB study finds that records compromised in 2016, grew a historic 566 percent from 600 million in 2015 to more than 4 billion. These leaked records include data cybercriminals have traditionally targeted like credit cards, passwords and personal health information, but IBM X-Force also noted a shift in cybercriminal strategies. In 2016, a number of significant breaches related to unstructured data such as email archives, business documents, intellectual property and source code were also compromised.

Shift from healthcare back to financial services

Information & communication services companies and government experienced the highest number of incidents and records breached in 2016.
  • Information and Communications (3.4 billion records leaked and 85 breaches/incidents)
  • Government (398 million records leaked and 39 breaches/incidents)
In 2015, healthcare was the most attacked industry with financial services falling to third. However, attackers in 2016 refocused back on financial services. While financial services was targeted the most by cyber-attacks last year, data from the X-Force report shows it was only third in compromised records. The lower success rate versus the high volume of attacks in financial services indicates that continued investment in sustained security practices likely helped protect financial institutions. The data for the financial services sector reveals a greater percentage (58%) of insider attacks versus outsider attacks (42%). The insiders are composed of both inadvertent actors (53%) and malicious insiders (5%). The healthcare industry continued to be beleaguered by a high number of incidents, although attackers focused on smaller targets resulting in a lower number of leaked records. In 2016, only 12 million records were compromised in healthcare – keeping it out of the top 5 most-breached industries. For perspective, nearly 100 million healthcare records were compromised in 2015 resulting in a 88 percent drop in 2016. Healthcare, also has a greater percentage (71%) of insiders (inadvertent at 46% and malicious at 25%) versus outsiders (29%). It can be useful to think of inadvertent actors as compromised systems carrying out attacks without the user being aware of it. The fact that the insider attacks targeting the financial services and healthcare were largely the result of inadvertent actors, organizations in thee sectors, according to the study, should focus on educating employees about phishing and how to avoid becoming a victim, use a variety of approaches—video, webinars, in-person instruction—and require training at intervals to make the risk clear.