Half of all cyber intrusions in 2020 deployed ransomware, report

Financial gain is the motive behind two-thirds of attacks with 81 per cent of those using ransomware to achieve their goal says CrowdStrike report

More than half of organisations that suffered a cyber-intrusion incident in 2020 were actually hit with a ransomware attack, according to the latest CrowdStrike Services Cyber Front Lines Report.

The security firm investigated about 200 cyber security incidents on behalf of new and existing clients in the current year and found that the motive in 63 per cent of the incidents was financial gain.

Of all such attacks, 81 per cent (or 51 per cent of all cyber incidents) involved the deployment of ransomware or a precursor to ransomware activities.

Just 19 per cent of the financially-motivated attacks were 'eCrime' attacks such as cryptocurrency mining, point-of-sale intrusions, business email compromise and ecommerce website attacks.

The researchers also found that nearly 30 per cent of the organisations had antivirus protection incorrectly configured with weak prevention settings or not fully deployed.

Antivirus solutions also failed to prevent an intrusion in 40 per cent of the incidents through failure to detect malware or missing a portion of the attack sequence.

The analysis also suggests that defenders have become more sophisticated in terms of tools and techniques. The dwell time of incidents, i.e., the number of days that attackers are able to operate inside a victim's network without detection, dropped from 95 days in 2019 to 79 days in 2020. Forty-six per cent of the attacks were detected within a week of compromise, up from 29 per cent in 2019.

CrowdStrike says that cyber intrusions are no longer a one-time event, with 68 per cent of organisations suffering an intrusion this year also experiencing an additional attempt later.

The report from CrowdStrike comes within weeks after its 2020 Global Security Attitude study that surveyed 2,200 senior IT leaders from 12 countries in August and September. In that survey, 56 per cent of all respondents said that their firm had suffered at least one ransomware attack in the last 12 months, and 71 per cent said that they were more worried about ransomware attacks due to the ongoing coronavirus pandemic.

The study also revealed that 39 per cent of UK organisations have fallen victim to a ransomware attack in the last 12 months.

UK businesses paid approximately £940,000 ($1.2 million) ransom on average - higher than the global average of $1.1 million.

Earlier in June, IBM's Security X-Force Incident Response team stated that the incidents of ransomware attacks continued to increase in the second quarter of the year, with a noticeable jump in June. The IBM researchers said that the number of ransomware attacks they remediated in Q2 2020 was more than three times higher than the total in Q1.