Cybersecurity Trends in 2016: Ransomware Way Up, Point-of-Sale Attacks Way Down

Print Email

Two massive point-of-sale (POS) attacks in 2013 and 2014 forced the cybersecurity and retail industries to take more active measures to prevent these kinds of attacks. Cybercrooks stole data for about 40 million credit card accounts from Target Corp. (NYSE: TGT) in 2013, and Home Depot Inc. (NYSE: HD) theft in 2014 resulted in the about 56 million compromised credit card accounts.

Since 2014 POS attacks have declined by 93%, according to the 2017 SonicWall Threat Report. In 2014 SonicWall saw a 333% increase in the number of new POS malware countermeasures developed and deployed.

In addition to upgraded security systems at many retailers, wider adoption of the so-called chip-and-PIN cards that assign a unique verification code to each transaction and make it much more difficult for thieves to fake or steal usable data about the account. That’s the good news

The less good news is that cybercrooks have turned to ransomware in a big way. SonicWall detected an increase from 3.2 million ransomware attack attempts in 2014 and 3.8 million in 2015 to an astounding 638 million in 2016. By the end of the first quarter, $209 million in ransom had been paid by companies, and by mid‐2016, almost half of organizations reported being targeted by a ransomware attack in the prior 12 months.

SonicWall noted that the huge increase in ransoms was likely driven by easier access to the underground market combined with the low cost of mounting a ransomware attack, the ease of spreading it and the low risk of being caught.

Ransomware attacks rose from 30.9 million in the first quarter of last year to 136.7 million in the second quarter, 204.2 million in the third quarter and 266.5 million in the fourth quarter. No industry was ignored, with mechanical and engineering businesses getting 15% of all ransomware attacks in 2016, while pharmaceutical houses and financial services firms each received 13% of the attacks.

Even when the ransoms are paid (in untraceable Bitcoin) it is not uncommon for less than all the data to be recovered and, in at least one case, none was recovered. Yet the ransoms are usually a small part of the total cost of the attacks. A Michigan utility paid a $25,000 ransom to recover its data, but the attack cost the company $2.4 million in recovery costs, including enhancements to the utility’s cybersecurity staffing and practices.

The SonicWall report also recalls the massive distributed denial of service (DDoS) attacks of last September and October that used poorly secured passwords on a variety of Internet of Things (IOT) devices to bring internet service to its knees in parts of the country. The average financial burden on businesses in the affected area has been estimated at $22,000 a minute, with some costs running above $100,000 per minute. For a six-hour attack, that adds up to real money.

See the SonicWall report for more details.