Turning ransomware attacks into data breaches if the ransom isn’t paid, what’s being called exfiltration+encryption attacks, can be damaging on multiple levels. In the first half of this year 11 percent of ransomware attacks have adopted this tactic.
ID Ransomware, a website and free tool that allows ransomware victims to upload a ransom note or sample encrypted file to identify the ransomware used against them, had over 100,000 submissions between January 1 and June 30, 2020.
According to a survey of over 600 IT security professionals across seven countries, 88 percent of organizations saw spear phishing attacks, 55 percent fell victim to at least one phishing attack, 86 percent experienced business email compromise attacks and nearly two-thirds experienced a ransomware attack.
The burgeoning issue and financial fallout from spear phishing is evidenced by the sheer number of organizations that experience and fall victim to such attacks. In their 6th annual State of the Phish report, cybersecurity firm ProofPoint surveyed IT security professionals across the US, UK, Germany, France, Spain, Japan and Australia. This survey along with surveys of over 3,500 adults across the same seven countries plus the results of over 50 million simulated phishing emails provided eye-opening results in this multifaceted study. Here’s a quick overview of some of these survey results highlighted in ProofPoint’s State of the Phish 2020 report:
According to a recent survey from ProofPoint, more than 80 percent of information security (infosec) professionals saw an increase in phishing attacks in 2018 while nearly two-thirds reported an increase in spear phishing. Meanwhile, those who reported compromised accounts as a result of phishing attacks increased from 38 percent of infosec professionals in 2017 to 65 percent today.
In this context, phishing refers to fraudulent emails targeting an organization’s employees from an outside or untrusted source, and 83 percent of infosec professionals surveyed say these attacks increased last year. Nearly half of respondents reported malware infections as the result of phishing attacks mimicking their organization and 65 percent reported compromised account credentials. This is according to the 2019 State of the Phish Report from ProofPoint.
A fraudster calling himself Oleg Pliss is targeting Apple iPhones and iPads with an attack that prevents the user from unlocking the phone and displaying a message of where to send $100 to have the device unlocked. Details about the exploit are still being investigated, but it seems to be targeting devices via compromised iCloud accounts.
Ransomware is a type of malware that attempts to take a device hostage and requires payment to give control of the device back to the user, although sending payment does not guarantee the malware will relinquish control. While this type of malware has targeted computers for several years and has also targeted Android mobile devices, this is the first reported incidence affecting iOS devices. These attacks were originally concentrated in Australia but have since spread to the U.S. and elsewhere.