The costs of cybercrime are extremely high these days. This year we’ve seen how a church lost $1.75 million in a BEC scam; two cities in Florida paid ransoms totaling over a million dollars after ransomware attacks; and British Airways had to pay a fine of £183 million.
Though we will have to wait some time to discover the total costs of cybercrime in 2019, we now have a figure that demonstrates the economic damage that it caused in 2018.
2018: a lucrative year for cybercriminals
On July 9, the Internet Society’s Online Trust Alliance (OTA) published its report 2018 Cyber Incident & Breach Trends Report. According to its calculations, the worldwide economic impact of cybercrime was at least $45 billion (€37.4 billion) in 2018. To reach this figure, the OTA studied several reports about the state of cybercrime. As well as this figure, the report reached several other striking conclusions.
One of the most shocking pieces of data is the fact that, according to the OTA’s calculaions, 95% of security breaches could have been prevented.
Ransomware: fewer infections, more money
As the OTA report explains, ransomware infections fell by 20% worldwide. However, despite this, economic losses related to this kind of cyberthreat rose by 60% in 2018 to reach 8 billion dollars.
This difference can be explained by the increase in targeted ransomware, a trend that grew 12% last year. What’s more, this trend is still on the up in 2019; the two attacks against the cities in Florida—along with attacks on several other cities in the US—are part of this trend.
The boom of cryptojacking
In 2018, there was a lot of talk about cryptojacking, the illicit use of an endpoint’s resources to mind cryptocurrencies. According to one of the sources used by the OTA, 1.3 million instances of cryptojacking code were detected last year, three times more than the previous year.
Although some sources indicate that cryptojacking declined throughout the year as cryptocurrency prices fell, the number of detections is still high. What’s more, cybercriminals that launched cryptojacking attacks will be able to use the foothold they gained on infected machines to carry out other kinds of cyberattacks.
The report explains that BEC scams experienced a strong growth in 2018. The data comes from the FBI, so only covers the United States. Even still, in the US alone, there were 20,000 incidents, with total losses of $1.3 billion. It is very likely that this kind of cybercrime had major economic repercussions in the rest of the world too, since it is relatively simple to carry out: the most basic versions require only an email address.
Supply chain attacks
One tactic that experienced a major increase last year were supply chain attacks. One of the most popular ways of carrying out this kind of attack was so-called “formjacking”: infecting a web form via a third party provider.
One of the sources for the OTA report noted a 78% increase in this kind of attack. What’s more, two thirds of companies have experienced a supply chain attack. Another important piece of data is the cost of this kind of cyberthreat: on average, a supply chain attack costs $1.1 million.
The most noteworthy example was the group Magecart. Since we have seen massive campaigns from this group in July of this year, it’s clear that this kind of attack is still popular in 2019.
Protect your organization
With such high economic repercussions, and such a wide range of techniques, cybercrime is a clear and present danger for organizations all over the world. As such, it is vital that companies know how to protect themselves against these cyberthreats.
The first thing is to increase the awareness of their employees. This includes educating them about the dangers of attachments and emails from unknown senders. This step is particularly important for stopping BEC scams, since they tend to use social engineering rather than malware.
To stop these cyberthreats from damaging your company’s IT systems, it is vital to know exactly what is happening on them at all times. Panda Adaptive Defense monitors all activity on the IT network, detecting any anomaly or suspicious activity. It stops cyberthreats before they can happen.
Cyberthreats will continue to evolve. However, with Panda Adaptive Defense you’ll be able to protect yourself against whatever may come in the future of cybercrime.