The latest 2020 Cyber Security Report from Kroll says that Ransomware has taken the top spot in what it sees as the threat rankings for the year.
The data, released by U.S. based risk consulting company, Kroll, says that ransomware was responsible for as much as one-third of all reported cyber security threat reports to the 1st of September, 2020.
The report maps out a number of the most dangerous threats that organisations and individuals face while operating online, and the results show that cyber criminals are increasingly turning to exploit organisations for a financial pay-off.
Ransomware took the top spot for the 2020 Cyber Security Threat rankings after accounting for more than one-third of all cyber attacks, while business email compromise (BEC) attacks took out a close second-place.
While ransomware accounted for 35% of the reported cyber security threats, business email compromises took out a narrow second-place with 32%.
According to Kroll’s data, technology companies, healthcare and professional services companies are the most likely to be targeted with a ransomware attack, and in the absence of an information security system like ISO 27001, cybercriminals are able to lock up a company’s data and ask for a ransom to be paid to make it accessible again.
Kroll says that cyber criminals are deploying new and more profitable techniques to steal information, as well as profit from the publication of sensitive information. This information could contain potential corporate secrets, logins, password information as well as massive datasets on clients and suppliers.
The report says that of all the ransomware campaigns noted in their research, one-third can be traced back to three major groups of cybercriminals.
“Ryuk and Sodinokibi, perennially the most observed form of ransomware attack in Kroll’s cases, have been joined by Maze as the top three ransomwares so far in 2020, comprising 35% of all cyber-attacks,” a spokesperson from Kroll has said.
“Many ransomware variants have added exfiltration and publication to their bag of tricks over the course of the year, and over two-fifths (42%) of Kroll’s cases with a known ransomware variant are connected to a ransomware group actively exfiltrating and publishing victim data,” they said.
Kroll says that in 26% of the cases they studied, a phishing email was likely the entry-point into an organisation or individual’s sensitive data, while 17% were traced back to vulnerabilities in the information security system deployed by the organisation.
Devon Ackerman, managing director and head of incident response in Kroll’s North America division has said that “we have seen a predictable surge in cyber-attacks so far in 2020 as the COVID-19 pandemic has given malign actors increased opportunities to cause havoc.”
“The ongoing evolution of ransomware creators is constantly shifting the goalposts for those trying to defend data and systems, so vigilance must remain at the top of CIO’s to do list,” Ackerman said.