Internet Business

Internet Society's Online Trust Alliance Reports Cyber Incidents Cost $45B in 2018 – AsiaOne

Cybercriminals learning how to monetize millions of incidents, yet
report finds 95 percent could have been avoided


Media OutReach


July 10, 2019
– The Internet Society’s Online Trust Alliance (OTA)

which identifies and promotes security and privacy best practices
that build consumer confidence in the Internet
, today released its Cyber Incident & Breach Trends Report

. The report found the financial impact of ransomware rose by 60%,
losses from business email compromise (BEC) doubled, and
cryptojacking incidents more than tripled, all despite the fact
that overall breaches and exposed records were down in 2018. The
data shows that cybercriminals are getting better at monetizing
their activities, with OTA estimating the more than 2 million cyber
incidents in 2018 resulted in over $45 billion in losses, with the
actual numbers expected to be much higher as many cyber incidents
are never reported.


“While it’s tempting to celebrate a decreasing number of breaches
overall, the findings of our report are grim,” said Jeff Wilbur,
technical director of the Internet Society’s Online Trust Alliance.
“The financial impact of cybercrime is up significantly and cyber
criminals are becoming more skilled at profiting from their
attacks. So, while there may be fewer data breaches, the number of
cyber incidents and their financial impact is far greater than
we’ve seen in the past.”


In the report, OTA noted a steep rise in cyber incidents like
supply chain attacks, Business Email Compromise (BEC) and
cryptojacking. Some attack types, such as ransomware, are not new
but continue to be lucrative for criminals. Others, such as
cryptojacking, show that criminals are shifting their focus to new
targets. Some of the top trends from the Cyber Incident &
Breach Trends Report are listed below.



Rise of Cryptocurrency Breeds New Cyber Criminals

In conjunction with the increasing prevalence of cryptocurrency
comes the rise of cryptojacking, which tripled in 2018. This is a
specific type of attack aimed at hijacking devices to harness
computer power at scale to efficiently mine cryptocurrency. OTA
believes these incidents are increasingly attractive to criminals
as they represent a direct path from infiltration to income, and
are difficult to detect.


Deceptive Email

Though well-known as an attack vector, Business Email Compromise
(BEC) doubled in 2018, resulting in $1.3 billion in losses as
employees were deceived into sending funds or gift cards to
attackers who use email to impersonate vendors or executives. 
Many companies are reacting by clearly labeling all emails that
originate outside the organization’s network.



Attacks via Third Parties

Supply chain attacks — wherein attackers infiltrate via
third-party website content, vendors’ software or third-parties’
credentials — were not new in 2018 (similar past exploits include
Target in 2013, CCleaner and Not Petya in 2017), but they continue
to proliferate and morph. The most notable 2018 attack was
Magecart, which infected the payment forms on more than 6,400
e-commerce sites worldwide. The OTA report compiled external
sources that estimated a 78% increase in these types of attacks in
2018, with two-thirds of organizations having experienced an attack
at an average cost of $1.1 million, and estimates that half of all
cyber attacks involve the supply chain.



Governments Under Attack

While the total number of ransomware attacks was down in 2018, the
OTA report noted a troubling rise in reported ransomware attacks
against state and local governments in 2018 and early 2019.
Breaches targeting the cities of Baltimore and Atlanta led to the
disruption of many government services and the rebuilding of entire
network structures. Local governments are particularly vulnerable
given that they often rely on outdated technology and are running
old software and operating systems.



Issues in the Cloud

While also not new, 2018 brought a rash of sensitive data being
left open to the Internet due to misconfigured cloud services.
Given the number of businesses that rely on companies like Amazon,
Google, and Microsoft for some or all of their cloud needs, it is
increasingly important to ensure cloud storage is secure. The
report noted that one common problem with cloud computing isn’t
even a true “attack”, but user error. Configuring data storage
correctly is the responsibility of the data’s owner, not of the
cloud service and it’s often improperly done.



Credential Stuffing Rises

OTA found an increase in credential stuffing in 2018, an attack
type that recently gained prominence. Given that there are now more
than 2.2 billion breached credentials in play and users often rely
on identical logins across services, attackers are harnessing
ultra-fast computers and known username/password pairs or commonly
used passwords to gain access directly to accounts across a wide
range of industries. Several high-profile attacks occurred in 2018,
and though many were initially believed to be breaches, they turned
out to be brute-force credential attacks.


Most Breaches Preventable

As in past years, OTA found most breaches could have been easily
prevented. It calculated that in 2018, 95 percent of all
breaches could have been avoided through simple and common-sense
approaches to improving security. The report

provides a checklist.


“Our report findings indicate that cybercriminals are using their
infiltration ability to focus on new, more lucrative attacks,”
continued Wilbur. “Staying up-to-date on the latest security
safeguards and best practices is crucial to preventing attacks in
the future.”



OTA came to its conclusions in the report by tracking and analyzing
threat intelligence data from multiple sources. These sources
included but are not limited to Risk Based Security, Identity Theft
Resource Center, Privacy Rights Clearinghouse, DLA Piper, Symantec,
the FBI, and more.

About OTA

The Internet Society’s
Online Trust Alliance (OTA)

identifies and promotes security and privacy best practices that
build consumer confidence in the Internet. Leading public and
private organizations, vendors, researchers, and policymakers
contribute to and follow OTA’s guidance to help make online
transactions safer and better protect users’ data. The
Internet Society

is a global nonprofit dedicated to ensuring an open, globally
connected, trustworthy, and secure Internet for everyone.

Let’s block ads! (Why?)

Source link

Related posts

Beyond the convenience of the Internet of Things – IOL


New Mississippi law lets electric co-ops offer internet – Raleigh News & Observer


Tata Communications expects IoT business to vault 10x – BusinessLine


Leave a Comment

18 + 15 =