A new report titled “Cyber Incident & Breach Trends Report” revealed just how cyber-criminals are getting better at monetizing their every attack.
This report from the Internet Society’s Online Trust Alliance (OTA), a group that identifies and promotes privacy and security best practices to build consumer confidence on the Internet, revealed that cyber-attacks cost global organizations $45 billion last year alone in 2 million incidents. And this is just an estimate, with the actual numbers expected to be much higher since numerous cyber-attacks are never reported.
Although overall exposed records and breaches were down last year, the report established that the financial effect of ransomware increased by 60 percent, losses from BEC doubled and cryptojacking incidents tripled.
Here are some of the top trends from the report that show just how cyber-criminals are getting better at monetizing their attacks.
- Deceptive Emails
As an attack vector, BEC, or business email compromise, doubled last year, resulting in $1.3 billion in losses as company employees were deceived into transferring funds and sending gift cards to attackers who used email to impersonate executives or vendors.
Most companies are reacting by clearly labeling all emails that originate outside the company’s network and by implementing strict workplace security.
- Cryptocurrency Breeds New Cyber Crimes
With the ever-increasing use of cryptocurrency come new cyber-crimes such as cryptojacking, which tripled last year.
This type of attack hijacks devices in order to harness their computing power to mine cryptocurrency efficiently. These incidents are believed to be increasingly attractive since they provide a direct path from infiltration to monetization and are quite difficult to detect.
- Third-Party Attacks
Supply chain attacks are not new; however, they continue to multiply and change. In these attacks, the attackers infiltrate through third-party website content, vendors’ or third parties’ credentials, or software.
The most notable third-party attack was Magecart in 2018, which infected the payment forms of over 6,400 e-commerce websites globally. External sources estimated a 78 percent increase in these attacks last year, with 2/3 of companies having an average loss of $1.1 million.
- Cloud Controversies
While also not new, 2018 also saw sensitive data left open to the Internet because of misconfigured cloud services.
Given the number of organizations that rely on companies such as Microsoft, Google, and Amazon for their cloud needs, it is increasingly crucial to ensure that cloud storage is secure.
The report said that one common issue with cloud computing is not even a true “attack”, but rather a user error. Configuring the data storage correctly is the responsibility of the user and not of the cloud service. And more often than not, it is improperly done.
- Governments Under Attack
Although the total number of ransomware attacks was down last year, the report revealed a troubling rise in reported ransomware attacks against local and state governments from 2018 to early 2019.
For instance, breaches targeting the cities of Atlanta and Baltimore led to interruptions of government services and the rebuilding of whole network structures.
- Increase in Credential Stuffing
Credential stuffing also increased last year. With over 2.2 billion breached credentials currently in play and users usually relying on similar logins across websites and services, attackers are taking advantage of ultra-fast computers and well-known username and password pairs or more commonly used passwords in order to gain direct access to accounts across a broad range of industries.
Numerous high-profile attacks happened last year, and although most were first believed to be just simple breaches, they turned out to be brute-force credential attacks causing huge losses for companies and organizations.