According to a new report released this week by the Internet Society’s Online Trust Alliance (OTA), the overall number of data breaches and records exposed by cyber incidents last year decreased while losses from certain attacks actually increased as cybercriminals learned how to better monetize their activities.
For example, the report found that the financial impact of ransomware rose by 60% in 2018, while losses from business email compromise (BEC) and cryptojacking incidents doubled and tripled respectively. Overall, the OTA estimates that the more than two million cyber incidents that occurred last year resulted in over $45 billion in losses, with the actual number being much higher being that most cyber incidents are never reported.
“While it’s tempting to celebrate a decreasing number of breaches overall, the findings of our report are grim,” Jeff Wilbur, technical director of the Internet Society’s Online Trust Alliance, said in a statement. “The financial impact of cybercrime is up significantly and cyber criminals are becoming more skilled at profiting from their attacks. So, while there may be fewer data breaches, the number of cyber incidents and their financial impact is far greater than we’ve seen in the past.”
Top trends from the Cyber Incident & Breach Trends Report included:
- Rise of Cryptocurrency Breeds New Cyber Criminals In conjunction with the increasing prevalence of cryptocurrency comes the rise of cryptojacking, which tripled in 2018. This is a specific type of attack aimed at hijacking devices to harness computer power at scale to efficiently mine cryptocurrency. OTA believes these incidents are increasingly attractive to criminals as they represent a direct path from infiltration to income, and are difficult to detect.
- Deceptive Email Though well-known as an attack vector, Business Email Compromise (BEC) doubled in 2018, resulting in $1.3 billion in losses as employees were deceived into sending funds or gift cards to attackers who use email to impersonate vendors or executives. Many companies are reacting by clearly labeling all emails that originate outside the organization’s network.
- Attacks via Third Parties Supply chain attacks – wherein attackers infiltrate via third-party website content, vendors’ software or third-parties’ credentials – were not new in 2018 (similar past exploits include Target in 2013, CCleaner and Not Petya in 2017), but they continue to proliferate and morph. The most notable 2018 attack was Magecart, which infected the payment forms on more than 6,400 e-commerce sites worldwide. The OTA report compiled external sources that estimated a 78% increase in these types of attacks in 2018, with two-thirds of organizations having experienced an attack at an average cost of $1.1 million, and estimates that half of all cyber attacks involve the supply chain.
- Governments Under Attack While the total number of ransomware attacks was down in 2018, the OTA report noted a troubling rise in reported ransomware attacks against state and local governments in 2018 and early 2019. Breaches targeting the cities of Baltimore and Atlanta led to the disruption of many government services and the rebuilding of entire network structures. Local governments are particularly vulnerable given that they often rely on outdated technology and are running old software and operating systems.
- Issues in the Cloud While also not new, 2018 brought a rash of sensitive data being left open to the Internet due to misconfigured cloud services. Given the number of businesses that rely on companies like Amazon, Google, and Microsoft for some or all of their cloud needs, it is increasingly important to ensure cloud storage is secure. The report noted that one common problem with cloud computing isn’t even a true “attack,” but user error. Configuring data storage correctly is the responsibility of the data’s owner, not of the cloud service and it’s often improperly done.
- Credential Stuffing Rises OTA found an increase in credential stuffing in 2018, an attack type that recently gained prominence. Given that there are now more than 2.2 billion breached credentials in play and users often rely on identical logins across services, attackers are harnessing ultra-fast computers and known username/password pairs or commonly used passwords to gain access directly to accounts across a wide range of industries. Several high-profile attacks occurred in 2018, and though many were initially believed to be breaches, they turned out to be brute-force credential attacks.
For more information about the report or download a full copy, click here.
