Cyber Crime & Security Threats - Malware, Phishing & Ransomware
?? Hatim Khan ??? ???? ???
LinkedIn Top Voice??23K+ Connections??AI & Digital Marketing Strategist??Lead Generation Expert??Brand Growth??Collaboration & Sponsored Content??Helping Businesses Scale with AI, Storytelling & Data-Driven Insight
As internet usage continues to increase, so does the amount of personal information and data which is made available online. This could be out of choice, for example somebody providing personal details to a social network in order to use their service. Or it could be unwillingly, as a victim of a cybercrime attack or data breach. Not only has cybercrime become incredibly sophisticated in recent years, but in 2020 we were online more than ever, working from home, relying on technology and digital services, and all of this amid the uncertainty and disruption of a global pandemic. The risks to individuals, companies, organizations, and governments have never been greater.
CYBERCRIME
The average cost of a data breach
Cybercrime can take many forms. Identity fraud, data theft, ransomware attacks, copyright infringement, and phishing campaigns are just some examples. The consequences can be distressing for victims, and potentially very costly for organizations. The average cost of a data breach is around 3.86 million U.S. dollars, but financial repercussions vary a lot depending on the region, organization size, and industry. The average cost of a data breach in the healthcare sector is 7.13 million dollars.
HACKING
Most common data breach method: Hacking
Of all the types of cybercrime resulting in a data breach, hacking is by far the most common. By finding and exploiting weaknesses in digital networks, devices and computer systems, hackers can spread malware or gain unauthorized access to data which they can use for other criminal activity. Some hackers are hired by companies to deliberately attack their software and systems, so they can identify vulnerabilities and take pre-emptive measures before real criminals have the chance.
PERSONAL DATA OVER THE INTERNET
Do you trust social media companies with your personal information?
While most internet users around the world use social media, the majority are skeptical about how their personal data is being used. Just one in five Facebook users in the U.S. trust the social network giant with their personal information. Independently from what social media companies themselves choose to do with personal data, they regularly receive requests from governments for data which can be used in official investigations, including user information, account content, and IP address logs.
INDUSTRY LEADERS
The GDPR in Europe
The GDPR (General Data Protection Regulation) was introduced in the EU in 2018 in an attempt to better regulate the handling of data and personal information by companies and organizations, and to provide greater protection for the rights and privacy of citizens. Since the regulations were introduced, there have been a number of large fines issued for violations and non-compliance, the highest so far was a 200 million euro fine received by British Airways.
MALWARE
Malware, or malicious software, is software designed to take charge or disrupt its victim’s computer infrastructure. By posing as harmless files or links, these programs trick users into downloading them – thus allowing foreign access not only to the victim's computer, but to entire networks within an organization. The majority of malware attacks worldwide in 2020 took place in North America, with the number of automated bot-attacks far exceeding that of those executed by humans. No doubt a direct result from the growing surge of interest in cryptocurrencies, crypto mining also happens to be the leading type of malware attack across all regions globally – primarily involving hijacking computing power from an unsuspecting victim to solve cryptographic equations. Additionally, attacks tend to overwhelmingly target the professional sector, which has led to a rise in a need for B2B cybersecurity services in recent years. Revenue in the industry has been growing each year and is expected to reach nearly 8 billion U.S. dollars by 2025. Not only are businesses more at risk each year, but perpetrators are also producing new malware variants each year making it more difficult to get caught. In fact, while the number of detected malware types stood at 28.84 million ten years ago, by 2020 this had reached nearly 678 million.
MALWARE TYPES
ATTACKERS HAVE THEIR EYE ON CORPORATIONS
Most corporations are attacked by Botnets and Crypto miners. Ransomware, on the other hand is rarely encountered – making up only 5 percent of all attacks on businesses. Here, the user's access to important data is blocked or encrypted, with the condition of release being the payment of a ransom. Overall, exe and doc files were the two most common malware file types worldwide, with exe files most prevalent on the web and doc files more commonly received by email. Corporations deal with ransomware attacks in various ways. Furthermore, it has been shown that paying the ransom in fact further encourages more ransomware - and in cases where the attackers continually demand more, counter effective. Interestingly, nearly 85 percent of affected companies managed to recover their data without ever having to pay a ransom. This is usually done in several ways ranging from attempts to remove the malware to reinstalling an entire system from scratch.
MOBILE MALWARE
HOW BUSINESSES ARE STEPPING UP THEIR SECURITY GAME
Although not as widespread as malware that targets traditional systems, mobile malware is a growing threat. The most common variant of this is adware, which takes on the form of unwanted pop-ups, some of which can open gateways for further attacks on a system. With companies well aware of the growing threat of malware, overall security measures are being increased. The most widely implemented form of these has been intrusion detection, aimed at catching an attack at its onset. Meanwhile, although it has been planned for by about 40 percent of businesses, the idea of testing security with a breach attack simulation tool – no doubt a complex undertaking - has only been performed by 18 percent of organizations worldwide. Perhaps also worrying is the fact that most adults still aren’t aware of the full extent of malware, with terms such as ‘ransomware’ only having been correctly identified by less than 40 percent of those surveyed.
PHISHING
Phishing – a common term associated with email fraud has emerged as one of the most prominent forms of cyberattacks today. Victims are lured via fake correspondence, often in the form of emails or social media messages leading to carefully constructed phishing sites. Such sites, often masquerading as log-in pages or online forms then capture users’ data which is subsequently used to commit online fraud or identity theft. It is also not uncommon for links in one of these cleverly disguised messages to create a gateway for malware to make its way into a system. In 2020, phishing mails were a leading point of entry for ransomware, constituting up to 54 percent of digital vulnerabilities. Poor user practices and lack of cybersecurity training were also significant contributors, both of which are factors closely related to interaction with phishing messages.
CLICK RATES AND REPORTING
RISE IN ATTACKS SINCE COVID-19
With the coronavirus pandemic shifting daily activities online in many parts of the world, cybercrime has risen to the forefront. The third quarter of 2021 saw an unprecedented surge of unique phishing websites – an increase of over 400 thousand to be exact. This figure continued to rise in the fourth quarter that year. In 2020, Mongolia and Israel were the countries most targeted by phishing attacks, followed by France. With an increasing rate of attacks comes a growing investment in cybersecurity, an industry which is forecast to reach 345 billion U.S. dollars worldwide by 2026 - a nearly 60 percent increase from 2021.
领英推荐
PHISHING TYPES AND DELIVERY METHODS
ARE EMPLOYEES AT FAULT?
Although being distracted was a leading cause of employees clicking on phishing e-mails, being fooled by legitimate looking messages came in a close second. Just over 40 percent had assumed the e-mails came from a senior executive at their organization, another testament to the accuracy of spear phishing – a highly targeted form of the attack, drawing from user contact lists and internet activity to further personalize messages sent. While the highest number of accidental clicks come from employees aged between 31 to 50, younger members of staff appear to be better at covering their tracks. Up to 42 percent of 16 to 24 year olds admitted to having made cybersecurity mistakes that their company will never know about. Meanwhile, this share was significantly less in the 35 to 54 age group.
U.S. HEALTHCARE SECTOR MOST TARGETED
In 2020, after the worst of the coronavirus pandemic only 18 percent of cybersecurity professionals said that they had experienced an increase in digital attacks between April and June that year. Over half claimed they had seen no change in the area. A year on however, the story was quite different with nearly half admitting to having seen at least a small increase in attacks following COVID-19. In FY 2019, the Department of Health and Human Services was the most targeted government sector by cybercriminals in the United States. The largest share of breaches occurred due to slip-ups or policy violations by authorized users, again highlighting the critical role employee training plays in stemming future attacks.
RANSOMWARE
Although ransomware still ranks behind other more concerning malware types such as viruses and trojans, it has huge potential for damage - both for businesses and individuals alike. In fact, the annual share of ransomware attacks experienced by organizations worldwide has been on the rise since 2018, peaking at 68.5 percent in 2021.
WHAT IS RANSOMWARE?
Ransomware is a type of malicious software that threatens to permanently block access to a victim’s data or publish it unless a ransom is paid. While simple ransomware may lock the system in a manner that is easily reversible, more advanced malware uses a technique called crypto-viral extortion. Here the victim's files are encrypted, making them inaccessible after which a ransom payment is demanded in order to decrypt them. In a properly implemented ransomware extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Bitcoin are used for ransom transactions, making finding and prosecuting the perpetrators a challenge.
PAYING THE RANSOM
RANSOMWARE ON THE RISE
In the United States, the volume and severity of ransomware attacks has significantly increased in recent months. Database files and SQL files are among the most targeted types of files and education and IT are the most targeted types of businesses. In fact, in 2020 68 percent of U.S. organizations admitted to having experienced – and as a result paid the ransom for - ransomware attacks that year. The leading causes of ransomware infections were spam and phishing emails, followed by poor user practices and lack of cyber security training. According to MSPs (Managed service providers), the most commonly experienced strains of ransomware by ransomware attack victims was CryptoLocker, WannaCry and CryptoWall.
IT SECURITY
PHISHING THE MOST COMMON CAUSE OF RANSOM ATTACKS
As hundreds of mostly small businesses are reeling from a large-scale ransomware attack that occurred on Friday, the imminent threat that such attacks pose to businesses around the world has once again come into public focus.
As is often the case with such attacks, the latest one targeted software used by managed service providers (MSPs) to monitor and maintain the IT infrastructure of small and medium-sized businesses. And while MSPs are typically aware of the threat posed by ransomware attacks, their clients often aren’t, leading to carelessness that can end up being very costly. According to a survey conducted by cybersecurity company Datto, 84 percent of MSPs think their clients should be very concerned about ransomware, but only 30 percent of small businesses actually are.
According to Datto’s Global State of the Channel Ransomware Report, carelessness and gullibility are the greatest threat to small businesses. With phishing mails, poor user practices and lack of cybersecurity training on top of the list of leading causes of ransomware attacks, it becomes clear that end user education is an essential part of IT security.
“It is important to note that security training must go beyond just how to identify phishing attacks,” the report notes, adding that “weak passwords, open RDP access, and a host of other user errors were also to blame for breaches.”
ADDITIONAL REPORTS & MARKET OUTLOOK (COVERING A BROAD RANGE OF SECTORS):
Digital & Trend Reports:
High-quality in-depth information on important and trending topics, such as 5G, digitalization, or artificial intelligence (AI). From cyber security, cloud computing, & robotics to e-commerce and virtual reality (VR), all significant trends are covered.
Industry Reports:
Comprehensive data on markets and industries, including market overviews, revenues, number of employees, as well as the latest information about the state of the industries, trends, and forecasts.
Brands & Company Reports:
Information on top brands and companies in all major industries and regions with detailed company overviews and rankings, including revenue, number of employees, company value, stock price, and major competitors.
Consumer Reports:
Overview of what consumers are thinking, featuring survey data on usage, behavior, attitudes, opinions, & preferences. Get to know the customers in different countries and industries.
Country Reports:
Crucial information regarding the status quo and development of countries & regions (Asia, Europe, Americas, Africa, Australia & Oceania) including key economic indicators like GDP, national finance, demographics, and trade figures as well as major industry players.