In 2017, cybercrime cost the global economy $600 billion. In 2018, the global financial damage exceeded $1 trillion, a 50% annual increase. In terms of scale, it is equal to the nominal GDP of Australia! The cost of cyber attacks is expected to grow exponentially in the years to come. As the digital economy expands, so does the threat landscape.
What are the most widespread types of cyber crimes that businesses suffer from?
The Internet user base is increasing (4.39 billion or 57% of the total population in 2019); therefore companies need a storage for sensitive data with greater capabilities and resources to keep it secure. Moreover, the emerging innovative technologies pose new risks as well. The companies adopt new technologies faster than they can address cybersecurity issues. As a result, data breach is one of the fastest growing crimes that increases in scale, cost and sophistication posing a major threat to both businesses and individuals even today.
How do hackers attack companies though?
- Fraudulent emails (75%) remain the most widely used and successful attack on businesses and individuals alike. Most cyber attacks start with phishing emails, exploiting human vulnerabilities, and infecting computers with ransomware or other types of malware. Advanced malicious tools, phishing kits and targeted attacks on specific businesses are expected in 2019.
- Viruses/spyware/malware (24%) is the second most common attack that will continue bringing sizeable damage. Viruses lead to various malicious effects including deleting or stealing information, downloading malicious programs, providing hackers with unauthorized access to the computer, and more. Spyware allows criminals to collect user information, credit card credentials, user passwords, and other personal information.
- Ransomware (15%) is the growing threat that allows bad actors to automate the attacks, and thus increase their scale and profits from hacks. It blocks the user or the company from the computer or the whole network demanding money compensations. It’s on the boom targeting high-net-worth victims.
- Unauthorized access (15%) can be performed via various malicious techniques and instruments. It leads to information theft that many organizations are now suffering from.
- Denial-of-service attacks (12%) are aimed at preventing users from server access. This type of cybercrime can lead to noticeable disruption or complete unavailability of the server, causing further network intrusion and loss of sensitive data.
Now that you know more about the ways hackers disrupt computer systems and access the data they need, you might be curious to learn how profitable such attacks are for cyber criminals and how damaging they are for targeted businesses. Read on and find out about 6 much-publicized cyber crimes!
3 cyber attacks that cost us a fortune
This is one of the costliest cyber attacks that could have drained a US firm of up to $4 billion as some sources say. Serving more than 2,200 global brands, the leading provider of email marketing services suffered a sizeable data breach in 2011. The addresses and names of 60 million users were exposed. Among the dozens of affected companies were the industry giants, such as JPMorgan, Citigroup, BestBuy, Visa, and others that warned the customers about the potential threats. Unauthorized access to Epsilon’s system resulted in the most expensive data breach.
This is a ransomware attack that infected up to 400 thousand computers in over 150 countries and caused global financial losses of up to $4 billion in 2017. WannaCry exploited the Microsoft Windows vulnerabilities to let the ransomware spread fast across computers that didn’t have a security patch. Having infected one machine, WannaCry could find and infect other computers in the same network. The malicious software encrypted data and demanded a ransom of $300 worth in Bitcoin to decrypt the files. The ransomware affected governmental entities, health service providers, banks, energy and global companies in Russia, Spain, the UK, India, China, Italy, Ukraine, the USA, South America, and 100+ countries worldwide. The creators and the origin of WannaCry are still unknown.
Just like WannaCry, this ransomware used a vulnerability in the Windows Operating System, but added some modifications. Petya encrypted the whole hard drive and had a self-propagation feature; it hit 300 thousand computers worldwide. The first attack was performed in Ukraine, then the ransomware started spreading across Europe, North America, and even Australia. The ransomware was more effective and faster than WannaCry due to the worm capabilities. One unpatched computer was enough to affect and bring down the whole network. This more complex attack that combined several malware techniques cost the global economy $3 billion.
3 biggest data breaches ever
Yahoo’s breach that compromised 3 billion accounts in 2013 remains the most massive one. The hackers stole names, phone numbers, birth dates, passwords, etc. Besides, they obtained backup email addresses and security questions/answers, which is beneficial for digital thieves. The attack was performed via phishing emails with a link. Once it was clicked, malware was downloaded to the network. Thus, bad actors gained access to the user database to forge personal data. It took Yahoo several years to disclose and complete the investigation on this case. The data wasn’t burnt across the Internet after the breach.
The company operating adult-oriented websites experienced a severe breach in 2016. Apart from AdultFriendFinder, several adult webcam sites were affected as well. Six databases containing sensitive information of 412 million user accounts were disclosed. The email addresses, as well as passwords, were kept in plaintext or easy-to-crack hashing. The researcher known as Revolver uncovered the local file inclusion vulnerability on AdultFriendFinder’s website that permitted hackers to remotely run malicious code on the web server and access the internal databases.
The world’s largest hotel chain saw another large-scale breach of data in 2018. The reservation system of Marriott’s Starwood subsidiaries that contained personal details of 500 million customers was compromised via unauthorized access. This breach was particularly troubling, because along with the names, addresses, emails, and phone numbers, some of the stolen records included passport numbers, travel locations, and credit card numbers. The incident turned out to be even more damaging as the hackers had access to Starwood’s guest database since 2014.
Given that social engineering attacks (scareware, baiting, phishing and spear phishing) remain the most commonly used techniques, it becomes obvious that hackers focus on exploiting the human factor as a weakness. Even the well-designed security systems could be undermined via a single malicious act aimed at the human factor.
The largest cyber attacks in history exploited vulnerabilities in software, and therefore revealed the importance of maintaining it up to date. The poorly monitored network means that a malicious attack can be performed through your network’s back door without being noticed. The weak links in your organization’s cybersecurity system can come in many forms but it doesn’t mean that the system can’t be protected effectively.
Modern businesses protect user data by adopting multi-factor authentication, role-based access control, and hardware-based password management to keep sensitive data safe. It’s crucial to stay aware of the latest cybersecurity trends and new attack-proof tools as the reputation of your business depends on it greatly.