Positive Technologies: hackers increasingly prefer data theft

Q3 2018 research shows that data theft is the main driver of cybercrime, the share of social engineering attacks increased by 12 percent, and ransomware is on the rise.

Incidents involving data theft grew by 5 percent in the third quarter of 2018 compared to Q2 2018, and by 20 percent compared to Q3 2017. This is according to the Positive Technologies Cybersecurity Threatscape Q3 2018 report, released today.

Interest in data coincides with a decline in incidents aimed at direct financial gain, which fell from 53 percent in Q1 to 33 percent in Q3. Experts explain that stealing from banks is becoming more difficult for attackers, who can instead steal sensitive business plans or personal correspondence in order to blackmail victims or sell the information on the dark web.

Personal data, credentials, and credit card numbers remain the most sought-after types of data, accounting for more than half of all compromised information.

Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies, commented: "Cluelessness about security is one of the biggest contributors to data theft. Users voluntarily provide information to online services in exchange for small rewards, or put information on social networks for the world to see. In Q3, one fifth of data theft incidents involved account credentials. Attackers steal usernames and passwords for one site, and because people often reuse credentials, the attackers can use the same credentials to access more sensitive sites, such as those with medical information."

As noted by Galloway, even individual users can provide rich pickings: "Personal data, correspondence, and photos all are fertile ground for blackmail and extortion. In one case, attackers took over social network accounts in mass attacks on Instagram users. Because these accounts are commercially valuable, the owners are often willing to pay a ransom. If no ransom is forthcoming, the attacker can try to resell the account or use it for blasting spam."

Social engineering attacks made up 37 percent of total attacks in Q3, compared to 28 percent in Q1 and 25 percent in Q2. These attacks increasingly targeted individuals (60% in Q3 vs. 38% in Q2).

The list of victims is led by individuals (19%), followed by government (12%), and finance (9%). Websites dipped slightly as a target (from 32% in Q2 to 30% in Q3), while users increased by the same amount (from 13% to 15%).

As before, malware is a mainstay of attacker techniques. In Q3 2018, malware was a factor in 56 percent of incidents, compared to 49 percent in the prior quarter. Ransomware infections increased to 20 percent compared to 9 percent in the prior quarter, pushing spyware out of second place. Ransomware caused damage to governments, healthcare institutions, schools and universities, industry, and individuals.

By contrast, illicit cryptocurrency mining has declined: it fell from 23 percent in Q1 to 15 percent in Q2, and is now down to just 8 percent in Q3. But black hat attackers continue to plunder online cryptocurrency exchanges, which offer an attractive target with an easy payoff and plenty of exploitable flaws in their operating logic.

Attacks on the finance sector increased quarter-over-quarter. The main culprit is phishing campaigns by the Cobalt group, which was responsible for 12 attacks recorded by the Positive Technologies Expert Security Center in the third quarter. The group stuck to a well-defined playbook, starting with a JavaScript backdoor and then planting CobInt malware. Phishing messages were sent from fake domains resembling those of major banks such as BBVA Compass Bancshares and Raiffeisenbank. Losses from such attacks on the finance sector in Q3 totaled around $18 million.