Report Reveals the Rise of Ransomware and the Importance of the Human Element

Drew Robb

Turbomachinery, Oil & Gas, and Power Generation are all experiencing a greater frequency of attacks from cybercriminals.

The Verizon Data Breach Investigations Report (DBIR) is eagerly awaited each year. It provides a window into the world of global trends in security. This year’s analysis looked into 79,635 incidents around the world, of which 5,258 were confirmed data breaches.

Incident: A security event that compromises the integrity, confidentiality or availability of an information asset.

Breach: An incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party.

Social engineering (primarily phishing – whereby the assailant sends scam emails in order to trick someone into clicking on a malicious link or attachment) came up as the top avenue of incursion used in breaches. More than 30% of incidents stemmed from it, while web application attacks accounted for around 25% and system intrusions scored almost 20%. Not surprisingly, 85% of breaches included a human element, with 61% involving credentials and 13% containing ransomware. About 10% of the ransomware attacks cost organizations an average of about $1 million – whether from forking over the cash, remediation, or lost revenue.

The manufacturing industry, of which turbomachinery is a subset, is beset by phishing and other social engineering schemes. The same holds true for oil & gas, power generation, and utilities. These industries suffered heavily from social engineering attacks this year. Credentials, personal data, and internal data are the most commonly lost data varieties. Ransomware is also a major threat. Verizon noted sustained phishing campaigns against many organizations. This indicates that these companies are viewed as lucrative targets.

The sector witnessed a marked rise in ransomware-related breaches. Overall, these kinds of attacks accounted for the bulk of breaches in the sector. Internal threats stemming from a rogue employee accounted for only 19% of the total. In almost all cases, the motive was financial. However, there is a small percentage of industrial espionage impacting manufacturing.

The primary tactic is to compromise login credentials. If someone clicks on a malicious link, the bad guys can take over their email account and gain entry to other parts of the network. Threat actors were more likely to use a social engineering attack (75.4% were phishing) or a hacking attack (79.5% were via the use of stolen credentials) to gain an initial foothold. From there, cybercriminals seek out additional credentials, such as those with administrative privileges or those related to financial accounts. They also install malware, sometimes letting it lurk unseen for months while they study the opportunities available.