Reporter | Peng Xin
With the acceleration of industrial digitalization, enterprises are facing new challenges in network security, and industries such as finance and professional and legal services have become the main targets of attacks. Network security technology company Palo Alto Networks recently released the “2022 Unit 42 Incident Response Report”, which shows that cyber attackers are exploiting a large number of software vulnerabilities and weaknesses to carry out attacks. Ransomware and business email leaks account for the largest share, up to 70%, and finance and real estate are the industries with the largest amounts extorted.
Among them, ransomware attacks are the most rampant, and because of their pillar attributes, they are easily controlled by attackers. “Ransomware attacks are the most common, as it is easy to generate returns through bitcoin, blockchain, etc. Statistically, ransomware attacks are the number one security incident in our internal investigations, accounting for 36% of all case types.” Geng Qiang, technical director of Palo Alto Networks Greater China, recently told Jiemian reporters that with the popularity of ransomware attacks, the amount of ransom involved is also increasing. The ransom paid by enterprises can reach 540,000 US dollars, an increase of 58% over the previous year.
According to data from RiskIQ, a Microsoft-owned cybersecurity company, 6 companies worldwide are attacked by ransomware every minute, and 3.15 million companies are attacked by ransomware every year. Network security issues cost enterprises around the world 1.8 million US dollars per minute, a loss close to 1 trillion US dollars a year.
A ransomware attack is a network attack aimed at extorting a ransom. Usually, the attacker steals and encrypts data to coerce the victim enterprise into paying the ransom.
“Low cost and high returns make cybercrime a low barrier to entry,” said Wendi Whitmore, senior vice president at Palo Alto Networks. Unskilled novice attackers often use tools such as hacking-as-a-service, which are readily available on the dark web and increasingly popular. And as ransomware attackers engage with cybercriminals and victim companies, they also use customer service and satisfaction surveys to make their behavior more “orderly.” At present, similar to the software-as-a-service model, the ransomware attack industry has also developed a “ransomware-as-a-service” black- and gray-market model: some developers build ransomware packages, payment tools and the like, while others carry out the attacks and are responsible for communicating with victims.
From an industry perspective, finance and real estate are in the first tier for ransoms, with an average of nearly $8 million and $5.2 million extorted, respectively. Overall, ransomware and business email leaks were the top security threats Palo Alto Networks had to deal with in the past year, accounting for about 70% of the total. These industries tend to store, transmit, and process large amounts of sensitive information that attackers can profit from.
Among them, the financial industry suffers the greatest impact from cyber attacks, with severe consequences, which has attracted widespread attention. “Customers in the financial industry have a large number of financial assets and data assets. After they are attacked, hackers can easily obtain more benefits, so we see that the financial industry is one of the industries that suffers the most security incidents and data breaches,” said Chen Wenjun, president of Palo Alto Networks Greater China. He provided data showing that the average cost of data breaches in the financial services industry in the past was $5.7 million, second only to the medical industry.
It is worth noting that as the threat of network attacks grows, “zero trust” has become sought after in the security field. The core of this concept is to further strengthen network authorization management and enforce the principle of least privilege, thereby greatly increasing the cost to attackers. “Never trust, keep verifying. You should never trust; especially in the virtualized environment of the network world, you must continue to verify users, applications and devices,” Geng Qiang said.
At present, outside China, Cisco, Akamai, Palo Alto Networks and others have already entered the first echelon of zero trust. Domestically, according to the latest IDC report, the competitive landscape of China’s zero-trust market has begun to take shape, and Qi Anxin, Sangfor, Wangsu Technology, and Anheng Information are among the top ten.
On the other hand, enterprises are gradually moving to the cloud, which leads to security problems. Chen Wenjun said that because of the agility and convenience of the cloud, a large number of application developers build heavily on cloud environments and use APIs to connect their applications with each other. But in an agile and changeable system architecture, when APIs are widely called, this also makes security policies more complex, expands the attack surface, and gives more hidden attackers an opportunity to exploit.
Chen Wenjun took the “container”, currently popular in the cloud, as an example, saying that many enterprises run their core business in the cloud with containers. “Is there any security mechanism in the original design of these containers?” He said that the containers popular in the industry are open source, and that it is difficult for their design to take much account of security, so users have to “reinforce” them additionally.
In this regard, Chen Wenjun suggested that developers should start with the development process itself and add security functions or concepts at the stage where source code is written, that is, “shift security to the left”.