The most affected sectors were financial services, healthcare and manufacturing, according to a breach insight report.
In Q1 this year, a 25% spike in ransomware attacks in the first quarter of 2020 versus Q4 2019 has been tallied up, based on incidents reported to the Beazley Breach Response (BBR) Services.
While nearly all industries reported incidents, the manufacturing sector was the hardest hit with a 156% increase in incidents quarter-over-quarter, according to the specialist insurer.
Although manufacturing saw the biggest ransomware surge, the most affected sectors continued to be financial services and healthcare, which together accounted for half of all ransomware attacks reported to Beazley in the first quarter.
Also, ransomware attacks against vendors and managed service providers (MSPs) continued to pose problems in Q1 2020, and not only for the targeted business but often their downstream clients. Banks and credit unions and healthcare organizations were particularly hard hit as a result of attacks against MSPs, according to the breach insight findings.
Cybercriminals are milking the pandemic
As attack groups turned their attention to ransomware in Q1, business email compromise (BEC) incidents reported to Beazley declined 16 % as compared to the previous quarter. The issue has certainly not gone away—a possible reason for the decline may be that fewer email compromises had been identified and reported to Beazley due to the disruption caused by COVID-19.
However, phishing attacks did soar during lockdowns, according to security awareness training experts, KnowBe4. Their research has tracked the myriad ways that cybercriminals are using phishing scams to steal personally identifiable information through fake emails and texts designed to look like official COVID-19-related information.
Said Katherine Keefe, head of BBR Services: “Cybercriminals are preying on people’s heightened anxiety during this pandemic, tricking them into clicking and sharing links that steal information. Also, those working from home may have weaker IT security than corporate networks typically provide. Organizations must ensure their security systems and protocols are up to date and ensure that colleagues working from home are extra vigilant.
According to Ng Teck Siong, Underwriter, Cyber & Technology, Asia Pacific: “Some examples we have seen in this region include malware re-designed as a Covid-19 tracking platform, as well as phishing scams promising the availability of pandemic-related insecurities. Ransomware attacks remain the most common type of notification we receive from our policyholders in Asia, many of which succeed in attacking systems via phishing emails, and lack of awareness among employees, and weak password management are also factors.”