Businesses have become a dominant target of ransomware attacks. According to a report by Radware, 49% of businesses have confirmed being the victim of a ransomware operation in 2016. Other 47% percent reported that ransom was the primary incentive of attacks they had experienced last year. Next on the list of “attack motivations” in insider threats with 27%, political hacktivism (26%), and competition (26%).
Half of the organizations that took part in Radware’s survey said that they experienced a malware or bot attack. 55% said that IoT has brought complications to their detection and mitigation requirements.
What about the plentiful DDoS attacks that took place in 2016? Radware says that only 4% of the attacks were over 50 Gbps. On the contrary, about 83% of the attacks reported by organizations were under 1 Gbps.
35% percent of the organizations Radware surveyed said that attacks affected their servers, 25% experienced troubles with their Internet pipe, and 23% reported issues with their firewall due to attacks. All of the respondents shared that the impact of the attacks brought 100% exhaustion leading to total failure.
According to Carl Herberger, Vice President of Security Solutions at Radware, money is the top motivator in the threat landscape today. This could easily mean that the attack environment of 2017 will not be much different than the one in 2016.
What about 2017? Having in mind that the source code of Mirai IoT botnet ended up available to the public, the botnet is only about to get more damaging as attackers can improve it according to their needs. As noted by researchers, in 2017 more and more devices are expected to be targeted and enslaved by IoT botnets. To counter these attacks, manufacturers don’t have much choice but to face the issue of securing their products before they become available on the market.
In conclusion, ransomware and respectively ransom is the cyber threat evolving at the fastest rate, as most phishing attempts are delivering crypto viruses. Phones are also targeted, as well as laptops, company computers, and a range of other devices, including such in the healthcare industry. In a nutshell, no device appears to be secure enough.