Cyber criminals are advancing faster than companies can defend themselves, with denial of service attacks worsening, ransoms on the rise and data breaches targeting more high-profile retailers, according to two widely followed reports from cyber security companies.
Kevin Haley, director of Symantec’s security response product and an author of the report, said the threat continued to rise because criminals had been so successful.
He said the cyber world was similar to the business world, with criminals selling more ways to attack companies to meet demand, and copying their rivals’ most lucrative tactics.
One of hackers’ favourite new tools is cryptic ransomware, which locks files on a computer until their owner pays a ransom. This type of attack happened 45 times more often in 2014 than in 2013, according to the report.
Mr Haley warned that healthcare companies in the US were increasingly being targeted, following the rash of retailers last year that fell victim to criminals stealing credit card information.
Verizon cyber security researchers, who drew data from more than 70 partners including governments and companies for their report, said hackers were becoming more inventive, thinking up new tactics to evade defences.
Jay Jacobs, co-author of Verizon’s annual data breach report, said attackers were proving more agile than the defenders.
“I hate to admit defeat but there does seem to be an advantage to the attackers right now,” he said, adding that they were creating powerful “opportunistic attacks” by searching for vulnerabilities in web applications.
The US telecommunications group also pointed to an increase in the severity of distributed denial of service attacks, which bring down websites by bombarding them with traffic.
The public sector was the biggest victim of such attacks, followed by financial services, retail and manufacturing. Mr Jacobs said there was no sign this activity would slow down.
“They do it for two effects: one is to grab attention, typically activists and the ideologically motivated,” he said. “And the other, which there are lots of rumours about but we have not been able to establish, is for the financial services industry to use the distributed denial of service attack as a smokescreen for another type of attack.”
In a year when attacks on US retailers including Home Depot made almost daily headlines, the researchers found that the number of records lost in data breaches did not substantially rise. Hackers switched their attention from stealing credit card details to attacks on more high-profile listed companies.
The report also contested warnings about vulnerabilities on smartphones, finding that only 100 mobile devices face serious security breaches every day. Most of the malicious software targeting phones is just “annoying”, Mr Jacobs said — for example, pushing pop-up ads — but does not steal data.
He said mobile was still not the “preferred vector” for cyber criminals. “The main problem is we have so many other ways they are being successful. If they dry up, or attacks become easier on mobile devices, then we’ll see a shift.”
Get alerts on Cyber Security when a new story is published