Part Two
The FBI reported that Business E-mail Compromise, a.k.a. E-mail Account Compromise, a sophisticated scam targeting both businesses and individuals performing wire transfer payments, has cost more than $12.5 billion in losses over the past 4.5 years (as of its last tally through May 2018).
Less than half of companies globally are sufficiently prepared for a cyber-security attack, according to a PricewaterhouseCoopers report that surveyed 3,000 business leaders from more than 80 countries.
Cybersecurity Ventures predicts that retail, oil and gas/energy and utilities, media and entertainment, legal, and education (K to 12 and higher education), will round out the top 10 industries for 2019 to 2022.
The five most cyber-attacked industries over the past five years are health care, manufacturing, financial services, the government and transportation.
ATM makers, banks and law enforcement have been scrambling to defend the 400,000 ATMs in the US against “jackpotting.” When cyber criminals take control of the machine, cash spews out of it like a Las Vegas jackpot. Jackpotting has been rising worldwide, though it’s unclear how much has been stolen because victims and police often do not disclose details.
Almost 50 percent of Ultra High Net Worth family wealth is being managed through family offices, which can be (cyber) targets due to the potential extortion value attached to reputational threats. Some 40 percent of family offices lack a cyber-security policy, and 28 percent of these businesses have already been victims of cyber attacks.
Distributed Denial of Service attacks represent the dominant threat observed by the vast majority of service providers—and they can represent up to 25 percent of a country’s total Internet traffic while they are occurring. Globally the total number of DDoS attacks will double from 2017 figures, according to the Cisco Visual Networking Index.
Hacking tools and kits for cyber attacks, identity theft, malware, ransomware and other nefarious purposes have been available in online marketplaces for several years, at price points starting as low as $1, which makes the cost of entry to a life of cybercrime nearly free.
Ransomware
Ransomware damage costs are predicted to be 57X more in 2021 than they were in 2015. This makes ransomware the fastest-growing type of cyber crime. The US Department of Justice has described ransomware as a new business model for cybercrime, and a global phenomenon.
Global ransomware damage costs are predicted to hit $20 billion in 2021, up from $11 billion in 2019, $5 billion in 2017 and just $325 million in 2015, according to Cybersecurity Ventures. Cybersecurity Ventures expects that businesses will fall victim to a ransomware attack every 11 seconds by 2021, up from every 14 seconds in 2019, and every 40 seconds in 2016. Ransomware attacks saw a 350-percent increase in 2018, according to one estimate.
Global spending on security awareness training for employees, one of the fastest-growing categories in the cyber-security industry, is predicted to reach $10 billion by 2027, up from around $1 billion in 2014. Much of this training is centered on combating phishing scams and ransomware attacks.
It’s widely reported that more than 90 percent of successful hacks and data breaches stem from phishing scams, e-mails crafted to lure their recipients to click a link, open a document or forward information to someone they shouldn’t. Training users how to detect and react to these threats is a critical ransomware deterrent.
The No More Ransom online portal is now available in 35 different languages and carries 59 free decryption tools, covering some 91 ransomware families. So far, the tools provided on No More Ransom have managed to decrypt the infected computers of over 72,000 victims worldwide.
Crypto-jacking and SIM-swapping
Crypto-jacking is illegally mining cryptocurrencies, and it’s gaining ground on ransomware as a favorite revenue stream for cyber criminals. The problem is so severe that Google announced it would ban all extensions that involved cryptocurrency mining from its Chrome browser. SIM-swapping is on the rise and poses a major threat to cryptocurrency account holders.
Crypto-jacking was one of the fastest-growing cyber-security threats in 2018, with 25 percent of all businesses already falling victim to it.
A report from the Cyber Threat Alliance indicates a massive 459 percent increase in the rate of crypto-jacking, through which hackers hijack computer processing power to mine cryptocurrencies such as Bitcoin and Monero.
Crypto-jacking participants can use more sophisticated means to evade detection and, according to one study, only around 50 percent of malicious attacks are detected.
On average, most crypto-jackers don’t earn much. One out of every 500 of the top million Alexa-ranked sites hosts crypto-jacking code. The 10 most profitable cryptomining sites identified generate between $119 and $340 per day, according to academics at Braunschweig University of Technology in Germany. It remains to be seen how many crypto-jackers will revert to ransomware, and data theft and resale on the Dark Web for higher payouts.
SIM-swapping attacks have stolen tens of millions of dollars’ worth of cryptocurrency. The compromise involves tricking a mobile carrier employee into rerouting a subscriber’s phone number to a hacker’s SIM card. This enables the perpetrator to intercept the victim’s messages, including 2FA codes, which help locate the private keys used to access a cryptocurrency account. The first hacker convicted of SIM-swapping was sentenced to 10 years in prison.
To be continued
To reach the writer, e-mail cecilio.arillo@gmail.com.