Also, 47% more cyber attacks in Q2 2018 than in Q2 2017

Oct 2, 2018 20:19 GMT  ·  By

The amount of total cybersecurity incidents is continuing to grow according to a report from Positive Technologies, with a 47% YoY growth when comparing Q2 2017 with Q2 2018.

The information used to draw the conclusions in their report is based on the security knowledge and expertise of the company's research team, as well as on data gathered during multiple investigations and from authoritative sources.

According to Positive Technologies' report, personal data (30%) and credentials (22%) were the most attractive targets for threat actors, with a wide variety of websites being compromised by attackers to get their paws on this information.

Moreover, despite a decrease in the number of malware-based attacks during Q2 2018 compared to Q1 2018 (49% vs. 63%), they are still the most common, with leaked NSA exploits being used as attack vectors for compromising Internet-facing devices, acting as footholds for subsequent malware payload dropping.

Furthermore, bad actors have been using more and more exotic ways of attacking their targets, with credential compromise going up to 19% from 7% and web vulnerability exploiting reaching 18% from 12% in Q1.

54% of all attacks on companies were targeted attacks

Threat actors also used zero-day vulnerability exploits if they could get their hands on one, as well as social engineering to steal login credentials.

The security research team also discovered that out of all attacks on privately held companies and organizations, 54 percent of them were targeted attacks, which shows the attackers' inclination on hitting high-value targets instead of random ones when using malware campaigns.

As stated by Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies, "Cyberattacks in Q2 victimized 765 million ordinary users to the tune of tens of millions of dollars."

The company also provides a forecast for the next quarter of 2018, with an increase in the number of data theft attacks because of individuals and companies not securing their information correctly.