Hacker gangs became noticeably bolder and more sophisticated in 2014, succeeding with 312 high-level attacks on businesses. That figure represents a rise of 23% year-over-year, according to the 2014 Internet Security Threat Report from Symantec.
This rise in security threats underscores the importance of email backup so that businesses can protect their critical communications and any information that is effectively stored through that medium.
Healthcare an increasingly common target
Hackers were specifically interested in healthcare organizations, the report indicated: fully 37% of attacks were directed toward that segment. Meanwhile, retail and education respectively accounted for 11% and 10% of the total.
When 78.8 million records were stolen from Anthem – the second larger US insurer, handling Blue Cross Blue Shield accounts for 14 states – the data included Social Security numbers, birth dates, and contact information. That sounds bad enough, but the real score for the attackers was medical information numbers, which are used to perpetrate healthcare fraud.
“Complete health insurance credentials sold for $20 apiece on underground markets in 2013,” reported the Washington Post. “That is 10 to 20 times more than a U.S. credit card number with a security code.”
Consumers and businesses also at risk via email
Although businesses were getting slammed, that didn’t mean that consumers were forgotten by hackers. Symantec, which produces the Norton line of anti-threat products, determined that three out of every five emails (60%) were spam last year – much of which we didn’t see in our inboxes due to spam filters.
Spam actually took somewhat of a backseat to other efforts – the year before, two in three messages (66%) were spam. However, the amount of spam is still disconcerting: while 29 billion were sent every day in 2013, that number dropped to “only” 28 billion last year.
Plus, although the number of spam emails dropped a bit, they became increasingly unsafe. One in 965 messages was a phishing email – attempting to get the recipient to access a link or attachment that downloads malware to their device.
Emails of course can also get hacked and entirely stolen or wiped out – one reason businesses and consumers are turning increasingly to email backup solutions.
SMB ransomware: do not pay!
“You got no idea what suffering is. If I don’t get the cash in one hour, this kid is dead!” – Gary Sinise to Mel Gibson in the 1996 film Ransom.
Ransomware was also on the rise in 2014. Unlike the above scene from Hollywood, kidnapping of children is not involved. Instead, cybercriminals invade networks (typically of SMBs) and make the data inaccessible to its rightful owners. Hackers then send a message to the company leadership instructing them that they won’t see their data again until they pay a ransom.
The extortionists generally demand $300-$500 for businesses to regain access to their data, according to Elizabeth Weise of USA Today. However, often people pay and don’t get anything in return.
“Roughly 80% of the time, they don’t decrypt the files,” explained Robert Shaker, the senior threat manager with Symantec. “And 100% of the time, you get put on the ‘payers’ list, meaning they’ll hit you again later.” (Oh, and don’t worry: There is no evidence that Shaker is related to Jimmy Shaker, the extortionist character played by Sinise in Ransom.)
In 2014, ransomware incidents expanded 100%, rising to 8.8 million from 4.1 million cases the year before.
Getting organized
“I gotta get organized. You know, little things, like my apartment, my possessions.” – Robert De Niro to Cybill Shepherd in Taxi Driver.
Much like the organization plans of the mentally unstable character De Niro played in Taxi Driver, gangs of hackers started working together more cohesively to increase their effectiveness – the primary difference being that the hacker organization scheme was actually successful. Symantec says that criminals are operating more quickly than security teams at corporations are.
One black-and-white example of hackers outpacing security professionals occurred in April 2014, when the Heartbleed Bug was found in OpenSSL – a popular security technology used on many popular services including Facebook, Instagram, and Gmail.
Kevin Haley, who directs security response for Symantec, said that hackers were already exploiting the Heartbleed vulnerability four hours after the announcement was made.
Hacking has become big business, essentially. It’s a worldwide effort with huge amounts of money behind it.
“Ten to 15 years ago, these were ad hoc networks of individuals motivated by ego,” commented Lillian Ablon, a security analyst at RAND Corporation. “Now it’s almost entirely financial gain.”
Criminals across the planet have banded together, offering widely distributed tools openly with the obvious assumption that they will never be caught.
Ablon noted that there are even handbooks on Google describing the best places to get credit card data, as well as videos on YouTube showing hackers where to get the best software for their attacks. She added that she doesn’t think it will be long before they are reviewing exploit mechanisms on Yelp.
Reducing your risk
Much of the focus of the security news is on breaches of data. The basic story is that the bad guy beat the good guy, and the bad guy now has the good guy’s stuff.
Here’s the question, though: was it the only copy? You always want to have an additional copy of your business’s critical communications, as accomplished with email backup. Strong backup is not an alternative to security technology but a critical element of your security stance.
Our encrypted email backup uses the 256-bit version of the Advanced Encryption Standard, the same block cipher used by the US government to protect Top-Secret documents.
