According to research from the Verizon RISK Team, few breaches are unique, meaning the vast majority of incidents are caused by a small number of scenarios. Verizon classifies 18 different data breach scenarios into four groups; the human element, conduit devices, configuration exploitation and malicious software. For the purposes of this article we will focus on the malicious software that makes organizations vulnerable.
Verizon’s 2018 Data Breach Investigations Report states that over 75% of confirmed data breaches were financially motivated. They go on to report that ransomware is at the top variety of malicious software, being found in 39% of cases.
The lesson here is that malware is a big contributor to the breach landscape and it is rare that malware acts alone. These malicious software attacks can generally be defined as one of the four categories listed below.
Ransomware is a form of malware that uses encryption to lockout institutions from accessing their files. The attacker basically holds the data hostage until the user agrees to pay a ransom to regain access to their data. This type of attack increased by 36 percent in 2017, introducing 100 new malware types.
Ransomware is on the rise, and small businesses are especially vulnerable. One common ransomware is CryptoLocker, a Trojan that targets computers that run Microsoft Windows. The malware encrypts data with an accompanying message that the data will be decrypted upon a ransom of Bitcoins paid by a set deadline. Victims of ransomware have mainly included universities and the healthcare industries, though SMBs have been targeted as well.
2. Sophisticated Malware
Sophisticated malware are custom-written viruses designed to disable a system’s security and its anti-virus measures. As suggested in its name, the attacks are highly advanced and often targeted towards specific institutions with well-established IT security implementations in place. While breach detection time dropped significantly to 146 days in 2015 from 416 days in 2012, some malware can still go undiscovered for years.
One of the more sophisticated malware attacks occurred in February 2015 when the Society for Worldwide Interbank Financial Telecommunication (SWIFT) reported a cyber-heist where hackers successfully withdrew $81 million from a bank in Bangladesh. According to SWIFT, hackers obtained user credentials and submitted fraudulent SWIFT messages that corresponded with authorized money transfers.
In this instance, a malware known as Trojan PDF Reader was used to manipulate PDF reports and avoid detection.
3. RAM Scraping
Certain malware, known as RAM scraping, is designed to extract data from physical memory and typically targets point-of-sale systems. This malware targets the POS terminal during the brief vulnerable period when a transaction is taking place.
The now-infamous Target breach in 2013 is a prime example of hackers utilizing RAM scraping to steal the card information of more than 110 million Target customers. The attack went on for nearly two weeks before it was detected.
4. Credential Theft
When credentials are stolen it is difficult to detect a malicious “known user.” Using spyware/keylogger, stolen credentials, phishing, backdoor and password dumber tactics, these attacks allow threat actors to pose as a known user and gain carte blanche access to the network for months (if not longer) placing a great amount of data at risk. To prevent credential theft, Verizon recommends a strong password policy, two-factor authentication, patching vulnerabilities immediately, reviewing network logs, and addressing the SQL injection issues.
Malware Protection from Your MSP
Eternal vigilance, quick identification, and the right protections are key to avoiding major damage from a malicious software attack. Making sure your infrastructure is safe, up-to-date, scalable and compliant is vital in keeping your company in good standing.