Cyber attacks become more targeted with data theft as the goal
Mass cyber attacks are now being outnumbered by targeted attacks, with 65 percent of the total in the third quarter of 2019 being targeted, compared to 59 percent in the previous quarter.
The latest threatscape report from Positive Technologies also shows data theft grew to 61 percent of all attacks on organizations and 64 percent of all attacks on individuals (compared to 58 and 55 percent respectively in the second quarter). The share of attacks with direct financial motivation was 31 percent.
Businesses continue to be the main focus too, with just one out of five attacks directed against individuals. Where individuals are the target, 47 percent of all data stolen consists of login credentials. In attacks on organizations, personal data makes up 25 percent of all stolen information.
The report notes a reduction in cryptocurrency miner attacks, to just three percent of attacks against organizations and two percent of attacks against individuals. This may be due to the gradual transition by attackers to malware with multifunction capabilities. An example being the Clipsa Trojan, which can stealthily mine cryptocurrency, steal passwords, tamper with addresses of cryptocurrency wallets, and launch brute-force attacks against WordPress sites.
Leigh-Anne Galloway, cyber security resilience lead at Positive Technologies says:
Social engineering remains as popular as ever among attackers, and actually almost doubled in use between Q2 and Q3 -- from 37 percent to 69 percent. Cybercriminals steal millions by forging messages and sending phishing emails. They present themselves as belonging to a trusted company and send an invoice with their own bank account number. This has generated some major returns for criminals targeting large organizations. For example, Cabarrus County, North Carolina received an email stating that the account number of the county's construction contractor had changed and -- not realizing that the message was a fake -- the county transferred $2.5 million to an account belonging to cybercriminals instead of the contractor.
Malware infections are increasing as well. Three quarters of attacks on organizations, and almost two thirds of attacks on individuals, involved malware infections. While infection of corporate infrastructure usually starts with a phishing email, infection of individuals tends to involve compromised websites, as was the case in 35 percent of attacks on individuals.
The report notes regular attacks by organized crime groups such as TA505, the arsenal of which includes the Dridex banking trojan. It also reports the resurgence of Emotet after a lull of several months with the botnet's operators offering malware-as-a-service.
You can download the full report from the Positive Technologies site.