Decline in Ransomware Infections Does Not Mean Decreased Revenue for Cyber-criminals
Despite a decline in ransomware infections, cyber-criminals are still finding ways to earn revenue through other means. The Check Point 2019 Security Report reveals that threat actors are now targeting public cloud and mobile deployments, which are often considered the weakest points in an organization’s IT infrastructure. A staggering 18% of organizations globally have experienced a cloud security incident in the past year, with data leaks/breaches, account hijacks, and malware infections being the most common.
Interestingly, a significant 30% of IT professionals still believe that security is solely the responsibility of the cloud service provider, highlighting a critical misconception in cybersecurity practices.
During the report launch at the Check Point Experience conference in Vienna, Maya Horowitz, director of threat intelligence and research at Check Point, emphasized the shift from web-based attacks to email-based attacks due to the decrease in exploitable vulnerabilities and the increased use of exploit kits.
Orli Gan, head of products and threat prevention at Check Point, highlighted that a staggering 98% of attacks are financially motivated, with cryptocurrency being the primary target for cyber-criminals. Despite the decline in ransomware infections, ransomware revenue has remained steady, with attackers now targeting businesses for higher ransom amounts.
In a conversation with Infosecurity, Yaniv Balmas, group manager of security research at Check Point, discussed the evolving landscape of ransomware attacks. While ransomware remains a prevalent threat, there has been a shift towards targeted attacks on specific entities to maximize profits. Balmas also noted the rise of banking trojans, which now serve as distribution networks for other malware.
Infosecurity’s Online Summit
Don’t miss Infosecurity’s upcoming Online Summit on March 26-27, featuring live sessions on topics such as “The Death of Ransomware: Long Live Other Malware” and “The Persistence of Legacy Systems.” Registration is now open, with CPE credits available for the 14 sessions scheduled across the two days.