Phishing ‘Behind Majority Of Data Breaches’

Cybercriminals are using some rather old tricks to target human weakness as they look to reap higher rewards from a wide range of attacks, according to a new report.

The latest Verizon Data Breach Investigations Report discovered a major rise in phishing attacks over the past year, as criminals

It found that 30 percent of phishing messages were opened – up from 23 percent in the previous year – and 13 percent of these resulted in malware or some other nefarious backdoor being installed.

Risky

“You might say our findings boil down to one common theme — the human element,” said Bryan Sartin, executive director of the Verizon RISK team. “Despite advances in information security research and cyber detection solutions and tools, we continue to see many of the same errors we’ve known about for more than a decade now. How do you reconcile that?”

The report also highlighted the increasingly quick speed in which cybercrime is committed. In 93 percent of cases, it took attackers minutes or less to compromise systems and data exfiltration occurred within minutes in 28 percent of the cases.

The team found that three-pronged attacks were becoming the norm for many criminals as they looked to target major organisations. First off, a phishing email with a link pointing to the malicious website or mainly a malicious attachment is sent to a company web address.

When downloaded, this or additional malware can be used to look for secrets and internal information to steal (cyberespionage) or encrypt files for ransom, often through keylogging.

These credentials are then often used to facilitate further attacks, such as to logging in to third party websites like banking or retail sites.

However those higher up in big companies can also often be held to blame, as the report found that so-called ‘miscellaneous errors,’ was the leading cause of security incidents in 2015.

This included 26 percent of all recorded errors involving sending sensitive info to the wrong person, with other errors in this category including the improper disposal of company information, misconfiguration of IT systems, and lost and stolen assets such as laptops and smartphones.

The company is now calling for organisations to implement as many security precautions as possible, as it found a worryingly large number do not offer protection methods such as two-factor authentication and data encryption.

“This year’s report once again demonstrates that there is no such thing as an impenetrable system, but often times even a basic defence will deter cybercriminals who will move on to look for an easier target,” said Sartin.

How much do you know about the world’s most notorious hackers? Try our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

5 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

7 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

8 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

9 hours ago