Ransomware has become the most profitable malware type in history.
This is according to the Cisco 2016 Midyear Cybersecurity Report, which finds organisations are unprepared for future strains of more sophisticated ransomware. It notes fragile infrastructure, poor network hygiene and slow detection rates are providing ample time and air cover for adversaries to operate.
According to the report, the struggle to constrain the operational space of attackers is the biggest challenge facing businesses and threatens the underlying foundation required for digital transformation. Other key findings include adversaries expanding their focus to server-side attacks, evolving attack methods and increasing use of encryption to mask activity.
Security solutions vendor Trend Micro says during the first half of 2016, it discovered 50 new ransomware families - and this only represents the known families. Within that same period, Trend Micro says, an even greater number of ransomware variants have been spread across different regions and industries, causing more than $200 million in damages within the first three months of the year.
Russian-based cyber security firm Kaspersky Lab says malicious programs such as ransomware that infect computers and encrypt critical corporate data present a serious problem, especially for small businesses.
According to Kaspersky's global IT Security Risks 2016 survey, nearly 42% of SMEs fell victim to ransomware in the past 12 months.
It says 34% of these paid the ransom and one in five were not able to recover their data, even after the demands of cyber criminals were met. Kaspersky research also shows a huge surge in ransomware attacks on businesses - almost six-fold growth (from 27 000 000 in 2014-2015 to 158 600 000 in 2015-2016).
Cisco expects to see this trend continue with even more destructive ransomware that can spread by itself and hold entire networks, and therefore companies, hostage. The company says new modular strains of ransomware will be able to quickly switch tactics to maximise efficiency.
For example, it notes, future ransomware attacks will evade detection by being able to limit CPU usage and refrain from command-and-control actions. These new ransomware strains will spread faster and self-replicate within organisations before coordinating ransom activities.
Cisco discovered that visibility across the network and endpoints remains a primary challenge. On average, organisations take up to 200 days to identify new threats.
"As organisations capitalise on new business models presented by digital transformation, security is the critical foundation," says Terry Greer-King, director of security at Cisco. "Attackers are going undetected and expanding their time to operate. To close the attackers' windows of opportunity, businesses will require more visibility into their networks and must improve activities, like patching and retiring aging infrastructure lacking in advanced security capabilities."
Cisco says as attackers innovate, many defenders continue to struggle with maintaining the security of their devices and systems. Unsupported and unpatched systems create additional opportunities for attackers to easily gain access, remain undetected, and maximise damage and profits.
The Cisco report shows this challenge persists on a global scale. While organisations in critical industries such as healthcare have experienced a significant uptick in attacks over the past several months, the report's findings indicate all vertical markets and global regions are being targeted.
Share