Secureworks has announced the findings of a research report which analysed more than 1,000 incident response engagements throughout 2018. The incidents observed by Secureworks revealed that organisations are making the same fundamental security mistakes year-on-year – despite several high-profile fines and data breaches in recent months. As a result, cyber attackers are following a path of evolution rather than revolution and sticking with methods that they know will work.
The research highlights the facts that 85% of attacks monitored are financially motivated, 8% of incidents were from insider threats and only 7% of attacks were Government-sponsored. In previous years, Government-sponsored, criminal and hacktivist groups each had a distinct way of operating. For example, Government-sponsored actors often invested time and resources into developing their own malware to use in highly-targeted attacks, whereas financially motivated criminals used indiscriminate and broader-scale tactics.
Secureworks also investigated popular attack methods. Business e-mail fraud, ransomware, digital currency mining (also known as cryptomining) and banking trojan activities constituted over 60% of the total attack methods. When it came to the financially motivated attacks, 21% of these involved business e-mail frauds.
Compared to previous years, ransomware attacks tended to be more serious in their impact with threat actors increasingly trying to gain access to entire networks to deploy payloads across a large number of systems.
Government-sponsored actors continued to target organisations for various strategic objectives, while capability across groups continues to diverge. Many groups conduct entire intrusions using publicly available tools and techniques, whereas others adopt increasingly sophisticated approaches to gain access to systems.
Constantly changing IT environments, corporate priorities and relationships with third parties continue to create cyber security challenges year after year. To reduce risk exposure, organisations should close the gaps they can control and thereby make the host company less of a target.