Breaking Down 2019 Cyber Attacks & Crime Reports

Cyber Attacks - Breaking Down the 2019 Cyber Crime Reports

On Feb. 11, the FBI released the 2019 Internet Crime Report.

Based on data compiled by the Internet Crime Complaint Center, the report revealed trends among the 467,361 cyber attack complaints, and accompanying losses of more than $3.5 billion.

These numbers reflect a substantial increase in cyber attacks compared to the previous four years of data, including:

  • 2015-2016 – 3.7% increase in attacks, 36.4% increase in damages
  • 2016-2017 – 1.0% increase in attacks, 6.7% decrease in damages
  • 2017-2018 – 16.7% increase in attacks, 92.9% increase in damages
  • 2018-2019 – 32.8% increase in attacks, 29.6% increase in damages

What’s more, this report only includes formally reported cyber attacks.

It’s widely believed that many attacks go unreported so the victims can avoid public embarrassment. For that reason, it’s difficult to know whether those unreported cyber attacks represent the minority or the majority of incidents.

In terms of sheer numbers, phishing remains at the top of the list, with over 114,702 victims reported from both corporate and individual levels.

Individuals aged 60 and above comprise the category with the largest number of victims, and the largest total loss among consumers.

Business Email Compromise/Email Account Compromise (BEC/EAC) accounted for only 23,775 reported cyber attacks in 2019. However, with $1.7 billion in total damages, compromised business emails accounted for the largest amount lost.

The statistics don’t always tell the whole story, though.

For example, the ransomware category showed less than $9 million in damages, and just over 2,000 victims.

However, the FBI noted that ransomware damages are strictly limited to the ransoms paid. They do not include any costs associated with recovery or lost business.

Beware of Internal Phishing

Microsoft’s security research team predicted that the number of phishing attacks will increase for businesses and governments. The team also emphasized that those attacks will initially focus on low-level employees.

After compromising those employees, cyber criminals can use the victims’ email accounts to send seemingly credible internal emails and conduct phishing attacks on upper management. Attackers will try to phish their way into admin accounts to take over the domain.

Similarly, scammers plan to target small businesses, and leverage their compromised domains to attack larger affiliate companies. Employees are far more likely to open emails from trusted partner companies.

Thus, by properly mimicking regularly shared documents, attackers can gain full access to those partner networks as well.

Are these cyber attacks new? No.

However, they were not seen as an oncoming trend because they require patience and a lot of work.

IBM’s Analysis

IBM’s X-Force Threat Intelligence Index 2020 shows that, while phishing remained the top type of attack in 2019 (31% of attacks), exploits of known vulnerabilities surged from 8% in 2018 to 30% in 2019.

Additionally, stolen credentials make up 29% of attacks.

For experienced security professionals, the line between phishing and stolen credentials is blurry. That’s because many attackers use phishing to steal credentials.

Unfortunately, in 2019, many attackers skipped phishing and used brute-force password attacks to expose records. Those attacks exposed an astounding 8.5 billion records.

Because of password reuse and a lack of two-factor authentication, those exploits continue to be a problem for many companies.

Ransomware Developments

Lack of preparation, namely in healthcare organizations and municipalities, led to a surge of ransomware attacks in 2019.

Because of that, about 36% of ransomware programs have developed new code so far in 2020 in order to stay ahead of attacks.

Essentially, you should expect ransomware attacks to become more advanced and complex in the near future.

Cyber criminals that use malware always look to make changes and adjustments to their strategies.

One example of that is the Ragnar Locker malware, which attempts to disable MSP software to prevent detection and response. It targets active services, such as Sophos, ConnectWise, and many others.

The good news is that your MSP software seems to work and cause issues for attackers, which is why they need to disable it. The bad news is that, until counter attacks are developed, your MSP’s ability to protect a Ragnar Locker-attacked system may be impaired.

Thus, it’s more important than ever before to monitor your networks for attack.
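One way to watch for the behavior described above, where security and MSP services are switched off together, is to look for bursts of service-stop events on a single host. The following is an added example, not code from the original article or from any vendor; the watchlist, time window, threshold, host names and service display names are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumptions: vendor names taken from the article; window and threshold are arbitrary.
WATCHLIST = ("sophos", "connectwise")
WINDOW = timedelta(minutes=5)
THRESHOLD = 2  # distinct watched services stopped on one host inside WINDOW

# Constructed sample: "<time> <host> <event id> <message>". Event 7036 is the Windows
# Service Control Manager state-change event; hosts and service names are made up.
SAMPLE_LOG = """\
2020-03-02T02:00:05 SRV-02 7036 The Sophos AutoUpdate Service service entered the stopped state.
2020-03-02T02:00:30 SRV-02 7036 The Sophos AutoUpdate Service service entered the running state.
2020-03-02T09:14:03 WS-017 7036 The Print Spooler service entered the stopped state.
2020-03-02T09:14:40 WS-017 7036 The Sophos AutoUpdate Service service entered the stopped state.
2020-03-02T09:14:41 WS-017 7036 The Sophos Agent service entered the stopped state.
2020-03-02T09:14:43 WS-017 7036 The ConnectWise Agent service entered the stopped state.
2020-03-02T10:00:00 WS-020 7036 The Sophos Agent service entered the stopped state.
2020-03-02T11:30:00 WS-020 7036 The ConnectWise Agent service entered the stopped state.
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) 7036 "
                     r"The (?P<svc>.+) service entered the (?P<state>\w+) state\.$")

def watched_stops(log):
    """Yield (time, host, service) for each watched service that entered 'stopped'."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m["state"] == "stopped" and any(
                name in m["svc"].lower() for name in WATCHLIST):
            yield datetime.fromisoformat(m["ts"]), m["host"], m["svc"]

def find_bursts(log, window=WINDOW, threshold=THRESHOLD):
    """Return {host: services} where >= threshold distinct watched services stopped in one window."""
    by_host = {}
    for ts, host, svc in watched_stops(log):
        by_host.setdefault(host, []).append((ts, svc))
    alerts = {}
    for host, events in by_host.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            burst = sorted({s for t, s in events[i:] if t - start <= window})
            if len(burst) >= threshold:
                alerts[host] = burst
                break
    return alerts

if __name__ == "__main__":
    print(find_bursts(SAMPLE_LOG))
```

A single service stopping and restarting (SRV-02, a routine update) and two stops far apart in time (WS-020) stay below the threshold; only WS-017, where three watched services stop within seconds, is flagged.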

Simple cyber attack methods also cause damage.

Recently, Sophos Labs revealed that attackers used a “commodity” ransomware on both the IT and the Operational Technology (OT) systems at a compression facility for an undisclosed natural-gas pipeline in the U.S.

While there was no lasting damage, the organization was forced to shut down for two days to recover.

Firewalls & Encrypted Traffic

Are you inspecting packets at the firewall? More than likely.

Can you inspect the encrypted traffic? Not many can.

Unfortunately, it seems that cyber criminals are very aware of that.

In a recent report, Sophos Labs noted that 23% of all malware now uses transport layer security (TLS) to communicate over the internet.

Here are a few other important takeaways from that report:

  • Info stealers (Trojans designed to gather information from a system) represent 16% of the malware communicators. Over 40% of those communicators use TLS encryption. These attackers thrive when you can’t detect the data going out through your firewall.
  • Second, malware creators don’t rely on TLS alone. Many add a second layer of encryption to further protect themselves from detection. The good news? Ransomware attackers rarely use encryption because they don’t care about stealth. But, with the recent trend to exfiltrate data for extortion, we don’t know how long that will last.

Wireless Devices

For those of us with WiFi systems, a vulnerability called CVE-2019-15126 (also known as Kr00k) can force the encryption key between two devices to reset back to all zeroes. Researchers estimate that more than 1 billion wireless devices and routers are currently vulnerable.

While most manufacturers issued patches, you’ll need to keep an eye out for older Amazon Echo devices, older iPads, MacBooks, and smartphones. And be sure to check on devices that aren’t used every day, as they may not be patched.

Getting the Right Cyber Security Support

While the types of attacks may be shifting, the solution remains the same.

Keep devices patched, apply best practices for security, and when in doubt – bring in experts to help.

With new vulnerabilities being found every week, it can be challenging for IT departments to keep up and manage their priorities.

Blue Bastion™ offers security monitoring as a service and, along with the team at Ideal Integrations, we keep your network safe and secure.

Whether you are interested in significant outsourcing or just simple assistance on a specific project, we’re here to help.

Contact us today for a risk-free cyber security demonstration.
