Hacking the World – Part 1: Hacking Basics
As part of Cybersecurity Awareness Month, we published a four-part series packed with facts and stats, to give you an in-depth look at the state of cybersecurity in today’s world.
Cybersecurity is in focus now more than ever – and 2020 was a record year for hacking activity. Companies faced swathes of sophisticated attacks during the initial throes of the COVID-19 pandemic and this trend has continued into 2021.
We’ll cover everything you need to know about the scale, cost, and geography of hacking attacks and data breaches, not to mention stats on the biggest threats, vulnerabilities, and risk areas over the last 12 months.
We’ll even look at the future of cybersecurity and provide some tips to stay safe. But first, let’s take a look at the basics, starting with some key definitions.
Cybersecurity is a complicated subject with its fair share of technical jargon. Before we get into our long list of cybersecurity/hacking stats, let us first go over some key definitions.
This should help us avoid any confusion.
As you probably already know, cybersecurity is the protection of devices, their users, and their contents against unauthorized electronic access and bad actors. The term also covers the measures taken to achieve this protection.
Hacking is the process of gaining unauthorized access to a system or device’s data. There are a ton of other cybersecurity and hacking-related definitions. Here are some important ones.
Now we’ll dive into the world of hacking and cybersecurity statistics…
Here are a few general stats to get you acquainted with cybersecurity and hacking: History, target data, and the current state of hacking breaches.
The History of Hacking
Hacking is almost as old as the very first computer network. That’s right, as long as computers have been around, people have been busy trying to figure out how best to exploit them.
Bob Thomas of BBN wrote the Creeper — an experimental program designed to throw off users of the ARPANET network. The Creeper displayed a simple message on-screen: “I’m the creeper, catch me if you can!”
The very same year saw the first major hack. John Draper, a Vietnam veteran, used a toy whistle packaged in a cereal box to create a 2600Hz tone — the perfect frequency to disconnect one end of an AT&T line and place the other on hold. This meant John could make free calls.
AOL was the site of the first phishing attempts. Hackers posed as AOL employees in messages and emails, convincing users to disclose account credentials.
While data breaches have been around for hundreds (if not thousands) of years, digital files make life easier for data thieves. Data breaches first started being recorded in 2005 and the same year delivered the first major breach on record. Hackers accessed DSW to leak over 1 million sensitive customer records.
You’re Hacked Every Day
A study from the University of Maryland reveals the constant rate at which personal computers and devices are attacked by hackers.
Dictionary scripts and brute force attacks are a big reason for constant attacks. While not necessarily very sophisticated or effective, dictionary attacks try every word in a dictionary, or every entry in a list of common usernames, in an attempt to unlock access to a device, network, or account.
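A defender's view of the dictionary and brute force attempts described above, as an added example that is not part of the original article: it scans simplified, constructed sshd-style log lines and flags source addresses that pile up failed logins inside a short window. The log layout, thresholds, and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified sshd-style failure line (assumed layout: ISO timestamp, no hostname).
FAILED = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_failures(lines):
    """Yield (timestamp, username, source_ip) for every failed-login line."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["user"], m["ip"]

def flag_guessing_sources(lines, window=timedelta(seconds=60), min_attempts=5):
    """Return {ip: summary} for sources with >= min_attempts failures in any
    sliding window. Many usernames suggests a username list is being walked;
    one username suggests a password list aimed at a single account."""
    recent = defaultdict(deque)          # ip -> (ts, user) pairs still in window
    flagged = {}
    for ts, user, ip in sorted(parse_failures(lines)):
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:     # drop failures older than the window
            q.popleft()
        if len(q) >= min_attempts:
            users = {u for _, u in q}
            kind = "username list" if len(users) >= 3 else "password list"
            if ip not in flagged or len(q) > flagged[ip]["attempts"]:
                flagged[ip] = {"attempts": len(q), "users": len(users), "kind": kind}
    return flagged

# Constructed sample data: documentation IP ranges and made-up usernames.
def _line(sec, user, ip, invalid=False):
    ts = (datetime(2021, 10, 1, 3, 0, 0) + timedelta(seconds=sec)).isoformat()
    who = f"invalid user {user}" if invalid else user
    return f"{ts} sshd[811]: Failed password for {who} from {ip} port 50022 ssh2"

SAMPLE_LOG = (
    [_line(2 * i, u, "203.0.113.7", invalid=True)            # fast username sweep
     for i, u in enumerate(["admin", "test", "oracle", "guest", "pi", "ubuntu"])]
    + [_line(100 + 2 * i, "alice", "198.51.100.23") for i in range(6)]  # one account
    + [_line(3600 * i, "carol", "192.0.2.99") for i in range(5)]        # one per hour
    + [_line(10, "bob", "192.0.2.50"), _line(40, "bob", "192.0.2.50")]  # user typos
    + ["2021-10-01T03:00:45 sshd[811]: Accepted password for bob "
       "from 192.0.2.50 port 50022 ssh2"]
)

if __name__ == "__main__":
    for ip, info in flag_guessing_sources(SAMPLE_LOG).items():
        print(ip, info)
```

The slow source at one attempt per hour is not flagged with a 60-second window, which is why rate-based alerting is usually paired with account lockout and longer-horizon counting.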
How Many Records Were Exposed in 2020?
The biggest companies handle the sensitive data of millions, sometimes billions, of people. This makes big corporations an attractive target for hackers.
Of the above-mentioned data breaches, 35% were caused by ransomware attacks and 14.4% were the result of email compromises like phishing attacks.
Big data caches have been a key target for hackers in recent years. There’ve been more than 300 databases that have leaked 100,000 or more records over the last 10 years.
The profitability of your credentials and the trend towards big data suggest this will be a theme long into the future.
Most exposed records end up selling on the dark web. 15 billion user credentials from 100,000 breaches can be found on the dark web, 1 billion of which are unique. This includes account usernames and passwords, online banking details, and social media accounts.
What Data is Compromised in a Breach?
To return to a briefly mentioned sentiment: hackers want your data.
Why? Because customer data is extremely valuable to hackers. It could reveal your bank account details or enough contact information to send you targeted phishing messages. Hackers can carry out numerous other cybercrimes with the use of your personal data.
Hackers may even post your most sensitive information on the dark web for other criminals to use (they’re nice like that!).
Elsewhere, intellectual properties and other forms of corporate data are also useful to hackers. These can be sold to rival companies for a profit or the victimized business could be held to ransom for its return.
Cyberattacks Are More Common
In a recent CyberEdge study, 86.2% of organizations were affected by a cyberattack over a 12-month period (November 2019-November 2020).
That’s a major increase compared to CyberEdge’s previous study when around 80% of organizations suffered a cyberattack.
The stats show how bad actors have stepped up their efforts in the wake of a global pandemic, targeting remote workers and vulnerable industries.
Malicious Breaches Are Increasing
The majority of cyberattacks target customer PII. To accompany an overall upward trend in hacking activity, the prevalence of hacking-related data breaches has also seen exponential growth over the last decade or so.
Malicious attacks accounted for 52% of data breaches in 2020. Some data breaches are caused by human error or a system glitch, but malicious attacks now lead to more breaches than these two roots combined.
In fact, 52% is the highest proportion of hacking-led breaches we’ve seen. These malicious breaches cost, on average, $4.27 million.
The biggest cyberthreats, from malware to phishing attempts and everything in between.
Cyberthreats Concern Businesses
What cyberthreats are businesses worried about the most?
Malware sits at the top of the list. The worry for businesses is that viruses, worms, or trojans could be used to compromise customer data. The same can be said for ransomware which can hold stored data until a ransom payment is received.
These are two of the most prominent cyberthreats that corporations face. We all have to deal with phishing attempts and businesses are no different. One employee could make a fatal error that compromises entire systems in 2021.
Account takeover is another concern, while some hackers may bring a company’s site down with DDoS attacks — either to cause reputational damage to the organization or to generate financial gain for the hackers.
What Cybercrimes Do the Immediate Public Face?
According to the FBI’s Internet Crime Complaint Center (IC3), these are 5 of the most prominent personal cybercrime complaints. Internet users face everything from fraud to personal data breaches and phishing attempts.
What’s more, these crimes have dramatically increased in number as the internet has continued to grow.
Extortion includes digital ransom, data compromises, DDoS, and other forms of malicious attack. IC3-reported cases of cyber extortion have increased from 17,000 in 2016 to 77,000 in 2020.
Personal data breaches are less common than breaches on an organizational level. That’s because hackers can access data for millions of users at once when accessing a server.
That being said, personal data breaches are still a huge problem. 45,000 of them were reported to the IC3 in 2020.
Phishing attempts are the most common cyberthreat people must face. We all receive spam emails, suspicious SMS messages, and untrustworthy calls. IC3 noted a whopping 241,000 phishing complaints in 2020 — twice the figure of 2019.
That’s a shocking statistic. The huge increase in COVID-19 related scams and general malicious activity is behind this figure.
Breach Actions Over Time
Specific threats can compromise companies’ systems to access as much data as possible. The above threats are some of the top actions behind data breaches.
Phishing is still the top threat to companies’ data stores. Phishing attempts were extremely common in 2020, even more so than stolen credentials. Hackers can obtain stolen credentials for a system from previous hacks or on the dark web. This method is popular as hackers can save a lot of time when buying credentials.
Password dumpers, Trojans, Ransomware, and RAMscrapers are four of the biggest types of malware involved in breaches.
Some of these top “breach action varieties” are not hacking-related — namely “misconfiguration.” This is still a prominent reason for data leaks. Hackers can collect data without any work when databases are left without password authentication.
Data Breach Entry Points
Let’s zero in on the biggest data breach entry points for malicious attackers. We know phishing and compromised credentials are two of the biggest causes overall. They feature again in IBM’s research.
IBM also highlighted how vulnerabilities in third-party software are a big deal for hackers. Mobile devices, such as IoT devices, along with web and mobile applications can provide a bounty of potential entry points for hackers.
Some of the popular malware outlined in the previous point can be delivered through social engineering tactics, such as USB drops, while email accounts can also be compromised.
41% of businesses leave 1000+ sensitive files, such as credit card details and health records, unprotected and unsecured. It should come as no surprise, then, that misconfigured cloud servers are such a popular target for hackers.
Different methods are used to cyberattack different industries. This means hackers are utilizing a variety of tactics to exploit vulnerabilities specific to each sector.
Take Government and healthcare, for example, where ransomware is used to disrupt critical operations — the end result is a higher chance of ransom payment.
Credential harvesting is the best way to attack retail, given the sector’s increasing reliance on eCommerce, and 30% of IBM-observed Education incidents involve spam. This points to the sector’s low level of cybersecurity awareness amongst employees.
Hackers Target Supply Chains
Hackers are not only targeting a company’s own systems in 2021. They’re now looking at that company’s supply chain to gain access to systems, devices, networks, and databases.
This is a relatively new development, too. Sonatype found that supply chain attacks targeting open-source software increased by 430% in 2020.
Malware: An Ever-Present Issue
As you’ve probably gleaned so far, malware is pretty effective stuff. It consistently ranks as one of the top threats and cybersecurity concerns for businesses. Phishing messages often use malware too, convincing victims to click a malicious link.
Malware is a wide-ranging description. Basically, any computer program designed to make someone’s day at work even worse can be considered malware. That includes ransomware, spyware, RAMscrapers, Trojans, and viruses.
Specific “variants” of these types of malware continue to surface as businesses develop cybersecurity solutions to current applications.
It’s essential that businesses keep up. Malware attacks are expensive. They cost an average of $2.4 million and 50 working days for businesses.
Top Hacking Malware
What categories of malware are hackers using across all cyberattacks — data breaches, DDoS attacks, and otherwise?
Botnet malware is huge right now. A botnet allows hackers to gain control of an entire network of systems, which can supplement mass phishing/spam messaging and DDoS attacks.
A cryptominer is another type of Botnet malware with a very specific purpose. Cryptominers recruit computers to mine cryptocurrency — an increasing trend given crypto’s rising value.
Infostealers, like RAMscrapers, do exactly as their name suggests. Mobile malware targets mobile devices and banking malware targets financial data.
Top Three Vulnerabilities in 2020
Hackers continually exploit new vulnerabilities in devices as an entry point to hacks.
According to Check Point, these are three of the most commonly exploited vulnerabilities in 2020.
The first vulnerability was found in a DrayTek Vigor router product line. A remote code execution vulnerability allowed unauthenticated hackers to take full control of systems. This vulnerability affected 27% of organizations in 2020.
The next vulnerability was found in F5’s BIG-IP — a networking device that allows users to manage their applications’ security, traffic, and performance. Hackers exploited a remote code execution vulnerability in the device’s Traffic Management User Interface (TMUI). This allowed hackers to gain full control over systems, and the vulnerability was often utilized by Chinese nation-state hacking groups.
The last vulnerability was discovered in several Citrix products. Citrix products allow users to network and access tools, apps, data visualization, and resources out of the office. As many companies moved towards a remote working model, hackers exploited issues with the products’ access controls and input validation, providing them with URL endpoints and information disclosure.
Ransomware Targets Specific Industries
Ransomware disproportionately affects some industries. Hackers target sectors that have a poor cybersecurity level and/or rely on highly valuable and extensive customer data:
Telecom companies and finance companies deal with sensitive data, while education and healthcare are two examples of sectors with sensitive data and a poor level of cybersecurity.
In fact, most businesses are not prepared. 50% of cybersecurity professionals believe their organization is not ready to repel a ransomware attack.
The cost of downtime is more expensive than the ransom payment for many of these companies. This is particularly true for healthcare, where patient lives can be lost when systems go down. 19% of all breaches in the healthcare sector are caused by ransomware.
Ransoms are paid more often than not when the stakes are so high. That explains why ransom attacks are popular amongst hackers. According to VMware, 14% of breaches around the world are caused by ransomware attacks.
The Ransomware Cycle
Ransomware attacks are rising as companies increasingly pay to recover data. In 2016, a business was hit with a ransomware attack every 40 seconds. In 2021, that figure is 11 seconds.
This cycle is motivating hackers to conduct more ransomware attacks and return data at a higher rate — businesses are more likely to pay ransoms when they know data will be returned.
Ransomware Payouts Are Increasing
Hackers have been raising the price of their ransoms, too, as they become more certain that businesses will cough up the required amount.
Prices were rising well before 2020, though ransom prices skyrocketed during the pandemic. This is because of the wealth of important information in circulation during COVID-19.
Certain sectors, such as healthcare and Government organizations, were under immense pressure from COVID-19. Any system downtime was especially critical, and costly, meaning hackers could charge significantly more. The average ransom rose 33% in 2020.
Phishing Is the Biggest Threat
Phishing attempts exploit human error and lapses in concentration. For all the cybersecurity tech businesses can integrate, human error is ever-present and unaccountable. Hackers will continue to utilize phishing as long as employees remain in the dark about its dangers.
56% of IT decision-makers agree that phishing is the number one security threat they face. Concurrent with a general rise in cyber incidents and COVID-19-related scams, Symantec found that phishing attempts increased in 2020 after a period of decline. 1 in every 4,200 emails was a phishing attempt in 2020.
Social Engineering and Phishing Volume
Proofpoint researchers dug a little deeper into how often companies are attacked with social attacks that aren’t standard email-based phishing attempts.
The data shows that a range of other social engineering attacks are almost as common. 6 out of 10 organizations saw attacks through social media and the same can be said for SMS-based phishing.
Vishing (i.e. voice-phishing over the phone) happens to 54% of organizations. Meanwhile, 54% of businesses experience USB-based attacks, such as USB drops.
What Do Phishers Want?
Phishers primarily aim to gather account credentials when carrying out attacks. Verizon found that credentials were compromised in 60% of phishing breaches in 2020. Cofense discovered that credentials were leaked in 70% of all phishing attacks – a decrease from 2019 (74%).
Phishers are also after your PII — data that could allow them to carry out several other fraudulent cybercrimes. Internal data is also of importance to your average phisher, as are industry secrets.
The importance of credentials and PII to phishers is reflected in the industries they target.
APWG found that payment companies (15.2%), financial companies (22.5%), and SaaS/webmail companies (22.2%) suffered the highest percentages of all phishing attacks.
On a side note, big hacking groups are often after other types of information. 96% of hacking groups use phishing for “intelligence gathering” (collecting internal secrets and classified information).
Top Cryptojacking Malware
Cryptojacking attacks are becoming increasingly common as crypto becomes a valuable and sought-after currency. Roughly a quarter of businesses have been hit with cryptojacking attacks.
XMRig is the dominant form of cryptojacking software, accounting for 35% of cryptomining incidents worldwide.
JSECoin, Lucifer, WannaMine, and RubyMiner are four more universally popular cryptomining programs. There are some differences between regions, however. Notably, Darkgate is more popular in the EMEA region while NRSMiner is common in APAC nations.
Cryptomining malware can be delivered in a variety of ways. Applications often hide mining botnets in their code. In fact, 25% of WordPress plugins are thought to contain Critical vulnerabilities that could make them susceptible to cryptojacking malware. Meanwhile, 9 out of 10 remote code execution attacks are associated with cryptomining.
Most Common DDoS Attacks
DDoS attacks are less common than phishing attempts, malware attacks, or ransomware. That being said, DDoS attacks hit record numbers in 2020 and are still critically damaging to businesses.
Netscout recorded 10,089,687 DDoS attacks in 2020. That’s nearly 1.6 million more than the 8.5 million recorded attacks in 2019.
Over this period, volumetric DDoS attacks have been the primary method used by hackers. Volumetric attacks overload a network with traffic in order to consume all of its bandwidth, taking it down.
Protocol DDoS attacks are the second most common type of DDoS. Protocol DDoS attacks overwhelm the connection tables within firewalls or routers by sending a large number of network packets.
Application DDoS is the least common DDoS attack. It consumes all of the resources of the origin server, whatever that application may be. By peppering the server with illegitimate requests, legitimate requests cannot be processed.
Multivector DDoS on the Rise
DDoS attacks increased by 55% between January 2020 and March 2021. 54% of incidents used multiple attack vectors. That means attackers utilize multiple different points of entry.
Multi-vector attacks are more complex and therefore harder to defend against. The average DDoS attack used 1Gbps of data — enough to disable most small to medium-sized websites. From January 2020 to March 2021, the biggest DDoS attack measured 500Gbps and used 5 attack vectors, though Amazon countered a record DDoS attempt of 2.3Tbps in 2020.
While multi-vector attacks are on the rise, hackers are also favoring shorter-duration DDoS attacks. 90% of DDoS attacks last for less than 1 hour.
This was Part 1 of our Hacking the World series.