Cybercriminals are continuing to carry out ransomware attacks on organizations at a greater frequency, according to two new reports highlighted by Cnet’s Laura Hautala this week:
According to Verizon’s annual Data Breach Investigations Report, released Tuesday, ransomware attacks doubled in the last year. That’s especially alarming considering that they doubled the year before, too. … Ransomware accounted for 39 percent of all new malware infections tallied up in the Verizon report, which looks at more than 53,000 security incidents drawn from Verizon cybersecurity customers as well as reports from the US Secret Service and an international consortium of private sector companies.
The numbers match up with findings released Monday by cybersecurity company Malwarebytes, which found that while hackers are targeting consumers with ransomware less frequently, they’re hitting businesses with more of the attacks.
The threat of ransomware was thrown into stark relief last year, when the WannaCry attack, the largest such cyberattack in history, struck over 300,000 machines in 150 countries, exploiting a vulnerability in outdated versions of Microsoft Windows to lock victims out of their computers and demand ransoms of hundreds of dollars to restore access to their documents and data. Most ransomware attacks are much less sophisticated than WannaCry, which the US government ultimately blamed on North Korea, and rely on phishing scams that trick users into handing passwords or other personal data over to hackers, who can use this information to gain control of their devices.
Phishing and ransomware are of concern for HR departments in particular, first because this part of the organization is often a soft target for cybercriminals and second because employee behavior is the main weak point in most organizations’ cybersecurity strategies.
The Federal Bureau of Investigation and the Internal Revenue Service are cautioning US employers to be vigilant as authorities are seeing a spike in the number of phishing scams involving employees’ W-2 tax forms, which compromise employees’ sensitive personal data, including their Social Security numbers. So far, the government says, 200 organizations were targeted by these scams during tax season this year—a dramatic increase from 50 last year—compromising the data of hundreds of thousands of employees, the Associated Press reports:
Cyberthieves perpetrate the scams by sending emails that appear to come from executives inside the targeted organizations. The emails ask payroll or human resources departments to reply with a list of all employees and their W-2 forms. Some emails also ask companies to transfer money to a specified bank account. Companies should be on alert for anyone asking for employees’ W-2 forms or for wire transfers of money.
The IRS has an email notification address specifically for businesses and organizations to report W-2 thefts: firstname.lastname@example.org. Be sure to include “W-2 scam” in the subject line. Businesses and organizations that receive a suspicious email but haven’t been victimized should forward it to email@example.com, also with “W-2 scam” in the subject line. Anyone victimized should also contact the FBI’s Internet Crime Complaint Center through its website, www.ic3.gov.
The IRS suggests that organizations take steps to protect themselves and their employees from scams, such as confirming the authenticity of suspicious emails over the phone using previously known telephone numbers, not ones contained in the email; investing in software to flag suspicious emails; and ensuring that employees who handle W-2s or other sensitive tax and payroll information are aware of these scams and common red flags, such as receiving emails from unrecognized addresses.
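The "software to flag suspicious emails" and "unrecognized addresses" advice above can be made concrete. The following is an added example, not code from the original post or from the IRS: a small triage script that applies the red flags the scam description implies (an executive's display name on an address that is not the executive's, a lookalike of the company domain, a Reply-To pointing somewhere else, and a W-2 or wire-transfer request from outside the company). The company domain `example-corp.test`, the executive roster, the keyword list and the three sample messages are all constructed assumptions for the example.

```python
"""Flag W-2 / wire-transfer request emails that show business-email-compromise red flags.

Added example, not from the original post or the IRS. Company domain, executive
roster, keyword list and sample messages are all hypothetical and constructed here.
"""
from email import message_from_string
from email.utils import parseaddr

# Hypothetical company data (assumptions for the example).
INTERNAL_DOMAIN = "example-corp.test"
EXECUTIVES = {
    "jane doe": "jane.doe@example-corp.test",
    "john roe": "john.roe@example-corp.test",
}
# Terms that mark a request as sensitive when it comes from outside the company.
SENSITIVE_TERMS = ("w-2", "w2", "wire transfer", "bank account")

# Constructed sample messages: two phishing attempts and one benign internal note.
SAMPLE_MESSAGES = {
    "lookalike_w2_request": (
        'From: "Jane Doe" <jane.doe@example-c0rp.test>\n'
        "Reply-To: payroll-help@mail.test\n"
        "To: hr@example-corp.test\n"
        "Subject: W-2 forms needed today\n"
        "\n"
        "Please reply with the W-2 forms for all employees. Urgent.\n"
    ),
    "freemail_wire_request": (
        'From: "John Roe" <johnroe.ceo@freemail.test>\n'
        "To: payroll@example-corp.test\n"
        "Subject: Quick favor\n"
        "\n"
        "I need a wire transfer sent this morning, details to follow.\n"
    ),
    "internal_offsite_note": (
        'From: "Jane Doe" <jane.doe@example-corp.test>\n'
        "To: hr@example-corp.test\n"
        "Subject: Q2 offsite agenda\n"
        "\n"
        "Agenda for the offsite is attached. Thanks, Jane\n"
    ),
}


def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike domains (e.g. o -> 0)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def message_text(msg):
    """Collect the text/plain content of a parsed message (multipart or not)."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def flag_email(raw):
    """Return the list of red flags found in one raw RFC 822 message (empty list = none)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    name, addr = name.strip().lower(), addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    text = (msg.get("Subject", "") + "\n" + message_text(msg)).lower()
    flags = []

    # 1. Display name of a known executive, but not the executive's real address.
    roster_addr = EXECUTIVES.get(name)
    if roster_addr and addr != roster_addr:
        flags.append("executive-name-address-mismatch")

    # 2. Sender domain is a near-miss spelling of the company domain.
    if domain != INTERNAL_DOMAIN and 0 < edit_distance(domain, INTERNAL_DOMAIN) <= 2:
        flags.append("lookalike-domain")

    # 3. Replies would go to a different domain than the one the mail claims to come from.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to.rsplit("@", 1)[-1] != domain:
        flags.append("reply-to-domain-mismatch")

    # 4. A W-2 or money-movement request arriving from outside the company.
    if domain != INTERNAL_DOMAIN and any(term in text for term in SENSITIVE_TERMS):
        flags.append("external-sensitive-request")
    return flags


def triage(messages=SAMPLE_MESSAGES):
    """Run flag_email over a batch and map each label to its flags."""
    return {label: flag_email(raw) for label, raw in messages.items()}


if __name__ == "__main__":
    for label, flags in triage().items():
        print(f"{label}: {flags or 'no flags'}")
```

Any message with at least one flag is a candidate for the out-of-band phone confirmation the IRS recommends; the flags are hints for a reviewer, not a verdict, and the roster and domain would come from the organization's directory rather than a hard-coded table.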
Nearly 18,000 current and former employees of the newspaper publisher Gannett may have had their personal information compromised after hackers broke into the email accounts of members of the company’s HR department, the Associated Press reported this week:
The company says there is no indication sensitive information was taken, but it can’t be sure. Gannett says it learned in March that several people in its human resource department were victims of a phishing attack, in which hackers try to steal personal information through emails. It says hackers accessed email accounts and were able to send other phishing emails from there. There was also an unsuccessful attempt to wire transfer corporate money.
When the attacker attempted a fraudulent wire transfer, Gannett’s finance department flagged the request as suspicious and thereby uncovered the breach, the Wall Street Journal adds. The company quickly locked down the affected accounts, launched an investigation, and notified federal law enforcement. It is offering current and former employees a free year of credit monitoring services, and is taking steps to strengthen its cybersecurity protocols and train employees on how to better protect themselves against phishing scams.
In addition, as many as one million Gmail users were targeted this week by a very sophisticated phishing scam exploiting Google Docs, which has also rattled many IT departments.
Furthermore, cyberattacks are increasingly targeting organizations rather than individuals, and HR departments have become a favorite entry point for hackers as HR professionals typically have access to a lot of employee data and are accustomed to opening emails from outside the organization, where it is relatively easy to conceal malicious code in the guise of a résumé or invoice.