By Ekaterina Khrustaleva, Chief Operating Officer at ImmuniWeb
2021 was a very stressful year for enterprises and government organizations alike due to an increase in the sophistication and scale of cyber-attacks, notably ransomware and supply chain attacks. There were high-profile breaches such as Colonial Pipeline, JBS, and dozens of other incidents that had major economic and security impact. According to the FBI’s annual Internet Crime Report, businesses lost more than $6.9 billion through cybercrime in 2021, this marks a 7% increase compared to $1.7 billion in 2020.
In 2021, the FBI’s Internet Crime Complaint Center (IC3) received a record number of complaints (847,376), with ransomware, business e-mail compromise (BEC) schemes, and the criminal use of cryptocurrency being among the top incidents reported. The FBI revealed that victims lost $2.4 billion through BEC scams, $1.46 billion through investment scams, and $956 million through confidence fraud and romance scams.
Also Read: Organizations are Struggling to Manage Their Cyber Assets
What is most worrisome is that the vast majority of crimes go unreported, and only 10 to 12% of cybercrime victims seek assistance, that’s according to the IC3’ unit chief Donna Gregory.
Who is being exploited by cybercrime?
Cybercrime refers to any illegal activity carried out using computers (or other digital devices) and the internet. It comes in many forms like hacking, financial fraud, theft of data, intellectual property and identity, violation of privacy, stalking, online bullying, and more.
Cybercriminals, ranging from rogue individuals to organized cybercrime syndicates to state-sponsored hacker groups leveraging a wide array of techniques, such as phishing, social engineering, malware, denial-of-service (DoS) and distributed-denial-of-service (DDoS), or attacks exploiting vulnerabilities in software products to reach their goals.
A concern is that a growing number of state and federal agencies can be easily compromised even without much technical skills or hacking ability. They have a myriad of unprotected IT and cloud systems exposed to the internet, with default or weak credentials, or even without passwords.
Worse, most of the victims can be rapidly and invisibly hacked through their trusted third parties, including IT vendors and suppliers. Today, attackers need no recourse to expensive 0days or long-lasting APTs: most of their victims are low-hanging fruit.
Scammers can play a variety of roles. They can pretend to be relatives or friends or pose as government agencies like law enforcement to extort personal information from victims. In March, the FBI released an alert about fraudsters impersonating government officials or law enforcement agencies in attempts to extort money or steal personally identifiable information.
Also Read: How Businesses Can Improve Their Fraud Program
To combat the current and emerging cyber threats, organizations and businesses should implement a robust cyber security program that combines the latest technologies, advanced cyber security solutions, data security policies, risk assessment, and an incident response plan.
E-commerce websites have always been an attractive target for cyber thieves because they are treasure troves of financial and personal information. The cost of a breach, both in loss of data and in customer trust, can be hugely damaging for companies of all sizes.
The more internet presence an organization has, the bigger its external attack surface is, enabling additional attack vectors like phishing, ransomware, or so-called “Magecart” attacks (schemes involving the use of online skimming techniques for the purpose of stealing customer details and credit card data from websites).
According to a 2021 report, 77% of e-commerce merchants in Mexico reported an increase in online payment fraud, followed by Canada (68%), the US (61%), the UK and Ireland (58%), Australia (58%), and France (55%).
Incomplete or outdated visibility of organizational IT assets and data storage, outdated software, and human mistakes are the most common sources of security and privacy issues.
Organizations can protect themselves against cyber threats by implementing security measures like auditing access to data, ensuring visibility of IT assets, implementing a patch management program, securing web and mobile applications, and keeping watch for possible phishing and squatting risks.
The rising cost of cybercrime
Experts predict that global cybercrime costs will grow by 15% each year, reaching $10.5 trillion annually by 2025, up from $3 trillion in 2015.
Cyber-attacks have a greater financial impact on entities in the financial sector, which prompts financial service firms to adopt a more sophisticated approach to cyber defense and make investments in advanced security solutions, such as security intelligence systems, automation, orchestration, and machine learning technologies.
Financial service companies have always been highly profitable and thus attractive targets for cybercriminals. With the surge of crypto-mining attacks, the situation has started to change, but financial services will still likely dominate the cybercrime target list.
Financial service companies usually handle very sensitive and easily exploitable customer data. Consequentially, and without surprise, the cost per breach in the financial sector is one of the highest. The global economy is stagnating, the Great Resignation is upon us, while talented young people from developing countries have access to the internet. Cybercrime will predictably and inescapably grow within the next decade.
2021 saw an alarming surge in sophisticated ransomware attacks, targeting hundreds of businesses and organizations worldwide. According to a recent report, 37% of all businesses and organizations were hit by ransomware in 2021 and out of all, 32% paid a ransom but recovered only 65% of their data.
Ransomware cost the world $20 billion last year, and that number is expected to grow to $265 billion by 2031. Many security experts expect that ransomware is going to become an even bigger problem. In fact, REvil, the gang behind multiple high-profile ransomware attacks against major companies, such as Colonial Pipeline, JBS, Acer, and others, admitted that they made more than $100 million in one year by extorting large businesses worldwide across various sectors.
What the future holds
Sadly, these figures are merely the tip of the cybercrime revenue iceberg. The biggest problem is that hacking campaigns, such as ransomware, can be easily deployed via ransomware-as-a-service now widely offered by professional cyber gangs to beginners and do not require virtually any technical skills to generate growing revenues.
The proliferation of cryptocurrencies also makes such crimes technically uninvestigable, while law enforcement agencies and joint task forces are already overburdened with nation-state attacks and transnational targeted attacks aimed to steal intellectual property from the largest Western companies.
Cybercrime flourished in 2021, and there are no indications that it will slow down. 2022 promises to bring more challenges as cybercriminals will adjust their approach to become even more sophisticated in their intrusions. Cybersecurity experts predict that the scale of cyber-attacks will continue to break records, and data breaches not only will get bigger, but they’ll cost organizations more to recover.
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
