Top 5 Reasons that Phishing, Ransomware & Email Fraud Attacks Succeed

You are probably aware that cyber attacks are increasing dramatically every year, but have you actually looked at the numbers? They are truly staggering. For example, Symantec’s 2018 Internet Security Threat Report found that:

  • In February 2018, there was one phishing attempt in every 3,331 emails and one piece of malware for every 645 emails.
  • Detections of coin miners on endpoint computers increased by 8,500 percent in 2017; 1.7 million were logged in December alone.
  • The number of new mobile malware variants increased by 54 percent in 2017, to 27,000.
  • There was a 600 percent increase in attacks on IoT devices in 2017.

Of course, not all of these attacks are successful. But many are. Depending on which survey or industry analysis you read, anywhere from half to two-thirds of organizations have suffered a successful cyber attack in the past year — and I’m inclined to believe that those numbers are low, since some organizations may not even know they were breached and others are reluctant to admit it, even for a survey that promises anonymity.

So it’s worth asking the question, what are the main reasons that cybercriminals are achieving success? Here are the top 5 reasons:

1. Cybercriminals are highly adaptable.

The supply of stolen credit card numbers, passport information, login credentials and healthcare records has grown so much in recent years that prices have actually been falling. For example, Facebook login credentials can be purchased on the Dark Web for as little as $5.20. But that hasn’t resulted in less cybercrime. Rather, cybercriminals have simply turned to ransomware and more sophisticated gambits like CEO fraud, which enable them to get money directly from victims, instead of something that they have to sell.

In fact, cybercriminals have found something even more profitable than ransomware: cryptocurrency mining (cryptojacking). The mining software is inexpensive, but the criminals need massive amounts of computing power to generate cryptocoins — so they are increasingly using malware to get into corporate endpoints and create highly distributed networks of bots to do the work. The more sophisticated cryptomining malware variants will actually stop working to avoid detection when a victim runs an application that requires the GPU, but otherwise will consume virtually all of the available computing resources of the infected endpoints.

2. Starting a “career” in cybercrime no longer requires much money or expertise.

Moreover, cybercriminals often are highly collaborative, sharing their techniques and expertise. For instance, ransomware creators often provide their code for free or for a small fee in exchange for a cut of each ransom, enabling people with minimal knowledge of coding and computers to get in on the “business.” There is even inexpensive ransomware as a service (RaaS) now; the Karmen RaaS is just $175, and buyers can decide the ransom prices and how long victims get to pay the ransom.

3. Widespread adoption of the cloud and BYOD has made cybercrime easier.

Cloud service providers generally have better security capabilities than most of their customers and therefore suffer fewer data breaches than the typical enterprise customer. But because they store such large volumes of valuable information, they are appealing targets of cybercriminals, and the breaches that do happen tend to be enormous.

Plus, business users rely on a variety of cloud-based tools and applications, which expands the attack surface area enormously. Organizations are seeing more instances in which confidential info is accidentally or maliciously leaked through a cloud-based tool like Dropbox or a social media platform like Facebook.

4. Organizations are not exercising adequate due diligence.

Of course, it takes two to tango. Cybercriminals succeed not just because they’re good and persistent, but because organizations are vulnerable. The fact is, many organizations are not exercising adequate due diligence to protect themselves against the increasing barrage of sophisticated attacks coming their way.

One of the top mistakes is assuming that native tools are up to the task of mitigating cyber security risks. The fact is, native security is rarely sufficient for infrastructure security. Application and platform vendors are focused on the products and services they provide, so they simply cannot provide the same level of protection as third-party solutions focused specifically on cyber threat detection and remediation.

5. Users aren’t properly trained.

You’ve probably been waiting for this one. Users are indeed a major weak link in security. Research shows they often fall for attacks by clicking on links, opening attachments in emails, inserting USBs of unknown provenance, and so forth without much thought at all — as if they are simply counting on their anti-virus software and firewalls to take care of everything.

But in a corporate environment, blaming users is a poor excuse. After all, most of them have not been properly trained about how to recognize threats like phishing, CEO fraud and ransomware, and they might be afraid to report it when they suspect they’ve fallen for one of these gambits. So organizations have to shoulder a good deal of the responsibility here as well.

Want to learn more about trends in cyber attacks and what you can do to protect your organization? The Osterman Research whitepaper, “Best Practices for Protecting against Phishing, Ransomware and Email Fraud” reveals the answers to key questions, such as:

  • What types of attacks are actually resulting in breaches or other security incidents at organizations these days?
  • How effective are current cybersecurity solutions and training practices at blocking these threats?
  • Which cybersecurity issues are decision-makers most concerned about?
  • How much will the average security budget increase this year?

It also explores the cybersecurity best practices that decision makers should seriously consider. Here are just a few:

  • Audit your current security infrastructure
  • Implement multi-layer email security
  • View security holistically
  • Establish detailed and thorough security policies
  • Train all users, including senior executives


Anonymous