Olivier Le Moal - stock.adobe.co

Malware still top security threat, say infosec pros

Malware remains the top security threat to organisations, with ransomware still considered to be the top malware threat and lack of budget the biggest obstacle to defence, a study shows

Malware is the most destructive security threat affecting organisations of all sizes in the public and private sector, a survey of information security professionals reveals.

The majority of respondents (86%) perceive malware as an extreme threat, according to the 2019 malware report by the Cybersecurity Insiders security community and IT management software firm HelpSystems.

More than three in 10 (37%) said the threat was moderate, while only 11% said malware was a small threat and just 3% said they do not perceive malware as a threat at all.

Ransomware is considered to be the most significant malware threat (34%), followed by fileless malware (13%) and spyware (9%).

Simliarly, a “significant majority” (71%) believe that malware, including ransomware, will become a larger threat to their organisations in the next 12 months, while 68% believe malware attacks will become more frequent, the report said.

Asked what motivates those behind malware attacks, financial gain (77%) tops the list, followed by a desire to sabotage and disrupt business activities (54%). The most targeted data, respondents said, is customer information (60%), tied with financial data (60%), followed by intellectual property (52%).

“But while money extortion is the most common motivation for cyber criminals, in some cases attackers are hacking for fun (31%), for state-sponsored attacks (25%) and for political beliefs (17%),” the  report said.

The report reveals that 76% of respondents believe a malware attack in the next 12 months is moderately to extremely likely, driven mainly by organised cyber crime (67%), followed by opportunistic hackers (65%) and state-sponsored hackers (40%).

However, despite the perceived threat by these bad actors, more than half (55%) of organisations are not confident in their ability to detect and block an attack before it affects critical systems. Only 12% are extremely confident, while 33% said they were very confident.

A positive finding is that 72% of organisations claim to have an incident response team in place. “The good news is organisations realise that incident response is a critical piece of an effective, multi-layer defence against attacks,” the report said.

The majority (54%) consider spear phishing emails the most dangerous attack vector, followed by Trojans (13%) and man in the middle attacks (10%).

The most significant business impact of malware attacks is the resulting productivity loss (58%) and system downtime (50%).

Other reported impacts of malware attacks include data loss (26%), loss of confidence in security controls (20%), revenue loss (17%), damage to company reputation (16%) and bad publicity (14%).

The survey shows that organisations prioritise user awareness training (75%) and anti-malware solutions (74%) as most effective in preventing malware attacks. The survey indicates both anti-malware/antivirus/endpoint security solutions (74%) and email and web gateways (64%) were highly effective as preventive approaches to malware/ransomware threats.

Read more about malware

The report highlights that ransomware has quickly emerged as a lucrative venture for cyber criminals, in part due to more sophisticated tools for ransomware creation and deployment, with 71% of organisations reporting two or more ransomware attacks in the past 12 months.

Most notable ransomware strains recognised by security professionals, the report said, are WannaCry (80%), CryptoLocker (73%), and Petya (55%).

“However, it is important to note that lesser known ransomware strains should not be dismissed as less powerful as the results can be just as damaging to any organisation,” the report said.

More than 4 out of 10 organisations surveyed (42%) said they experienced ransomware attacks, up from 37% in 2018, while 58% said they have not been affected by ransomware yet or are not aware of a previous or ongoing attack.

Business ransomware detections increased by 365% in the past year, dominated by Ryuk and Phobos which increased 88% and 940% respectively, a report on cyber crime trends by security firm Malwarebytes revealed.

GandCrab and Rapid ransomware attacks on businesses also increased in the past year, with Rapid up 319% and GandCrab up just 5%, showing a slowdown in growth.

These increases in business detections, the report said, show that cyber criminals are searching for higher return on investment (ROI) as consumer detections decreased by 12%.

According to the Cybersecurity Insiders report, email and web use represent the most common ransomware infection methods, with respondents saying it is only a matter of time until an employee opens an email attachment (63%), answers a phishing email (62%) or visits a compromised website (48%).

Cyber security professionals continue to view data backup and recovery (57%) as the most effective response to a ransomware attack because organisations can often restore critical data without having to pay any ransom.

The three biggest obstacles to stronger malware defence, the survey found, are lack of budget (51%), dealing with evolving sophistication of attacks (40%), and tied at 36%, poor user awareness and lack of human resources.

Read more about ransomware

Read more on Hackers and cybercrime prevention