Ransom Requests Double And Cyberattack Breaches Surge 23 Percent In 2014
Last year saw a host of high-profile hacking cases in the news. None were more high profile than the Korean hacking of Sony, a move which had international political ramifications and saw the company's CEO lose her job.
It seems that these were not isolated incidents, either, as there was a surge in successful cyberattacks in 2014.
The 2014 Internet Security Threat report from Symantec shows that there were 312 data breaches last year, an annual increase of 23 percent. Ransomware attacks, where cyberthieves hijack victim's systems, lock up their data and then demand a ransom to unlock it, more than doubled, reaching 8.8 million incidents.
The report also says that hackers are streamlining and upgrading their techniques, while companies struggle to fight old tactics. It seems no business is safe from cyberattacks as 60 percent of all targeted attacks struck small- and medium-sized companies whereas 5 of every 6 large companies (those with more than 2,500 employees) were hit by attacks. That represented a massive 40 percent year-on-year increase for large businesses, compared with 26 percent and 30 percent for small- and medium-sized businesses, respectively.
Health care companies were a major focus of hackers, with 37 percent of breaches in that sector, compared with 11 percent in retail and 10 percent in education.
The security company found that hackers were using quickly evolving techniques and that defenses could not keep up. While there was a slight increase in targeted spear-phishing attacks (those aimed at a specific company), hackers widely used "watering hole" attacks and "trojanized" software updates to breach defenses. Watering hole attacks infect legitimate websites, then monitor the visitors and selectively target the particular companies. Hackers also hid their malware inside common software updates, then waited for certain companies to download those updates (hence the trojanized name), effectively causing the targeted businesses to infect themselves.
Things weren't much better for individuals. There was a 113 percent increase in ransomware extortion attacks. This is where hackers gain access to your files and photos, withhold the data and then request a ransom for its release. Typically, victims are asked to pay between $300 and $500 for a decryption key which will allow them access their files.
Mobiles are particularly vulnerable as people typically run anti-virus software on their computers but not on mobile devices. Incredibly, Symantec found that 17 percent of all Android apps are actually malware in disguise.
The one small comfort was that despite the increase in data breaches the total number of identities exposed in the attacks dropped sharply compared with 2013. Still, a total of 348 million identities were exposed, with hackers gaining access to real names, Social Security numbers, financial information and dates of birth.
Overall, the report paints a pretty bleak picture of the state of data security online, describing 2014 as "a year with far-reaching vulnerabilities, faster attacks, files held for ransom, and far more malicious code than in previous years." It's unlikely to stop us, though, from storing ever more information online and if hackers continue to outpace defenses you would expect the 2015 report to be even more damning.