Number of ransomware and malware attacks in Ireland falls

Hackers turning to phishing and cryptocurrency mining instead

The decline in malware and ransomware attacks follows a spate of high-profile attacks in 2017including NotPetya and WannaCrypt.

The decline in malware and ransomware attacks follows a spate of high-profile attacks in 2017including NotPetya and WannaCrypt.

 

The number of ransomware and malware attacks in Ireland fell last year, tracking a global trend, but hackers are now turning to phishing and cryptocurrency mining instead.

Microsoft’s Security Intelligence Report showed an overall decline of 60 per cent in ransomware attacks globally. Ireland had among the lowest rates of incidents. In terms of malware, Ireland’s saw a monthly encounter rate of 1.26 per cent, the lowest reported figure.

The decline in malware and ransomware attacks follows a spate of high-profile attacks in 2017including NotPetya and WannaCrypt.

However, hackers are now using different tactics, installing cryptocurrency mining software on victims’ computers that works virtually undetected in the background of infected machines. It requires no user input, and it is often only a drop in performance on the machines that alerts users to the presence of the mining software.

Phishing also remains popular with attackers, as poor employee security habits including password practices, as well as training and security policies, leave companies open to attack.

“While we have seen a welcome drop in ransomware and malware attacks, it would be a mistake to assume the level of cyber threat to Irish organisations has also decreased,” said Des Ryan, solutions director at Microsoft Ireland.

“We are seeing major behavioural change amongst criminal hackers, who want access to a victim’s computer and an organisation’s network to access data, but also use their computing power to mine for cryptocurrency.

“This is about playing the long game and exploiting people’s lack of training and understanding when it comes to cybercrime. Microsoft’s analysts predict phishing will continue to be an issue for the foreseeable future for that reason.”

Research from Microsoft published in February showed a lack of security training, the use of personal devices with work-related data and lax practices around passwords are all security risks facing public and private sector organisations.