The rate of cyber extortion incidents continued to increase during the fourth quarter of 2017. In fact, despite a significant lag in reporting time, the total number of cyber extortion events recorded for 2017 so far already exceeds the total tallied from 2016, according to Aon Benfield’s latest Cyber Threat Insights report, and this trend is expected to continue into 2018.

Ransomware attacks accounted for more than 50 percent of the malicious message traffic and malware observed by security experts during the quarter, with perpetrators favoring social engineering techniques (i.e., manipulation) over exploit kits, as well as malicious URLs sent via phishing and strategic web compromise.

Among Aon Benfield’s other key findings:

  • Financial services remained the most frequently targeted industry in the fourth quarter, while the technology sector passed government to take the second spot. Aon Benfield said the surge was caused by banking Trojans harvesting personal data, credit card numbers and other sensitive information from e-commerce retailers during the holiday season.
  • The value of cryptocurrency skyrocketed during the fourth quarter, leading to a new form of malware threat: crypto-mining. While Aon Benfield said some may see crypto-mining as simply a nuisance, there have been reports of CPUs being completely overtaken by the malware, rendering the machine useless.
  • The number of cloud outages and length of associated downtimes were up in the fourth quarter, though no significant outages were seen in the U.S. last year. However, Sydney, Australia-based Crucial Cloud reportedly suffered a 24-hour outage after a power failure, impacting several thousand customers. Depending on cyber insurance take-up rates and policy language, Aon Benfield noted that this could have been a meaningful aggregation event for Asia-Pacific insurers, urging carriers to evaluate their portfolio concentration and total exposed limits with each cloud service provider.
  • Cloud-for-ransom incidents are also a threat, Aon Benfield said, citing an attack earlier in 2017 in which a South Korean web hosting firm had its hosting servers shut down for five days until it agreed to pay over $1 million in ransom to restore service.