Hacking the World – Part 1: Hacking Basics
As part of Cybersecurity Awareness Month, we published a four-part series packed with facts and stats, to give you an in-depth look at the state of cybersecurity in today’s world.
The word hacker brings up images of hooded people sitting in a basement, banging on the keyboard, trying to break into the systems of various organizations. That’s how Hollywood presents them to us — but how close to the truth is it? With the rise in cybersecurity concerns, it’s important to know the ins and outs of the hacking world and how it came to be.
In this Hacking the World series, we’ll cover everything you need to know about the history of hacking, as well as the scale, cost, and geography of cyberattacks and data breaches. We’ll also go over stats on the biggest threats, vulnerabilities, and risk areas you might be subject to.
We’ll finish off with the future of cybersecurity and provide tips to stay safe online – the easiest way you can do so right now is to buy a VPN. Let’s start by taking a look at the basics: some key definitions you’ll need along the way.
Jump to a section below, or read on:
Cybersecurity is a complicated subject with its fair share of technical jargon. Before we get into our long list of cybersecurity/hacking stats, let us first go over some key definitions.
Cybersecurity is the protection of device users and contents against unauthorized access of electronic data and bad actors. It also outlines the necessary measures needed to achieve this protection.
On the other hand, hacking is the process of gaining unauthorized access to a system or device’s data.
Now that you know the two main keywords, let’s take a look at other important cybersecurity and hacking-related definitions.
To fully understand cybersecurity and hacking, let’s take a look at how hacking started, the most important moments in history of hacking, target data, and the current state of data breaches.
The History of Hacking
Hacking is almost as old as the very first computer network. That’s right, as long as computers have been around, people have been busy trying to figure out how best to exploit them.
When the first hack occurred in 1961, it wasn’t known as that — and it had little to do with actual computers. The MIT’s Tech Model Railroad Club “hacked” its toy train sets to alter how they work. That team later moved on to computer hacking to improve what they could accomplish by implementing a series of clever shortcuts. This incident served as the origin of the term “hacker”, which was later described as a highly skilled individual practicing hardcore computer programming.
Ten years later, the first computer virus — named “the creeper” — was born. Developed by Bob Thomas of BBM, the experimental program was designed to taunt users on the ARPANET network. When successful, the creeper displayed a simple message on-screen to taunt computer users: “I’M THE CREEPER; CATCH ME IF YOU CAN!”
The very same year saw the first major “hacker” emerge. John Draper (aka Captain Crunch) was a Vietnam Veteran who put a toy whistle in a cereal box. When blown, the whistle created a 2600 Hz tone, which is the perfect frequency to disconnect one end of an AT&T line and place the other one on hold. This let John make free phone calls whenever he wanted. This type of hacking later earned its own nickname: “phreaking”.
From there, hacking branched out into multiple avenues, including the now-so-prominent, phishing. Phishing scams go back as far as 1994, when AOHell wrecked havoc among AOL users. Hackers posed as company employees in messages and emails, convincing users to disclose account credentials. This went on for days, tricking hundreds of people into compromising their identity.
Finally, we get to data breaches — the bane of modern companies that handle online databases. While databases have been around for hundreds (if not thousands) of years in one shape or another, the digitalization of data makes it easier for thieves to steal user files. The history of hacking records the first data breach to have taken place in 2005, when hackers broke into DSW and leaked over 1 million sensitive customer records, delivering one of the biggest hacks in history.
You’re Hacked Every Day
A study conducted by the University of Maryland revealed that personal computers and devices experience a hacking attempt every 39 seconds. This means that your device may be attacked over 2,200 times in one day.
The researchers discovered that a majority of these attacks use dictionary scripts and brute force to gain access to a PC. Both methods rely on guessing password and username combinations — and while they’re not the most sophisticated, they’re fairly successful at unlocking admin privileges.
How Many Records Were Exposed in 2020?
The biggest companies handle the sensitive data of millions, sometimes billions, of people. This makes big corporations an attractive target for hackers.
With a majority of businesses now handling their customer data online, it’s no surprise that 2020 saw a massive increase in data breaches and leaks, exposing 37 billion records. Out of all attacks, 35% were caused by ransomware and 14.4% were a result of email compromises, like phishing.
Most hackers end up selling the exposed records on the Dark Web. Currently, as many as 15 billion user credentials (1 billion of them unique) from 100,000 breaches are still up for grabs. The offered data includes account usernames, passwords, online banking details, and social media accounts.
The profitability of your credentials and the trend toward big data suggest this will be a theme long into the future — raising the need for more database security.
What Data is Compromised in a Breach?
Every data breach aims to get as much of your personal data as possible. Hackers’ main interest lies in customer information, which constitutes around 80% of leaked details. The reason behind it lies in the high value of the exposed files. Since they hold extremely personal and vulnerable information that can identify you, hackers can use it to carry out numerous other attacks, like phishing, with a higher success rate.
Intellectual property is the second most valuable item cyberattackers are after, with anonymized user data and employee information following closely. These files can then be sold to rival companies for profit or the victimized business could be held to ransom for its return.
The Growing Issue of Cyberattacks
A recent CyberEdge study revealed that 86.2% of businesses were affected by a successful cyberattack over a 12-month period (November 2020 – November 2021). That’s an increase compared to the year before, when the number of organizations who suffered a cyberattack was around 6% lower. It’s also at its highest in the history of hacking.
These stats show that bad actors have stepped up their efforts in the wake of a global pandemic, targeting remote workers and vulnerable industries.
Malicious Breaches Are Increasing
The majority of cyberattacks target customer personally identifiable information (PII). To accompany an overall upward trend in hacking activity, the prevalence of hacking-related data breaches has also seen exponential growth over the last decade or so.
Malicious attacks accounted for 52% of data breaches in 2020. Some data breaches are caused by human error or a system glitch, but malicious attacks now lead to more breaches than these two roots combined.
In fact, 52% is the highest proportion of hacking-led breaches we’ve seen. These malicious breaches cost, on average, $4.27 million.
It’s not enough to know the reason behind cyberattacks. To know how to protect yourself, you need to know what are the biggest cyberthreats currently targeting businesses and individuals, from malware to phishing and everything in between.
Cyberthreats Concern Businesses
What cyberthreats are businesses worried about the most?
Malware sits at the top of the list. The worry for businesses is that viruses, worms, or trojans could be used to compromise customer data. The same can be said for ransomware which can hold stored data until a ransom payment is received.
What cyberthreats are businesses worried about the most? Malware aka all viruses, worms, Trojans, and any other program aimed at wreaking havoc on your device. These little programs are designed to nest themselves on a computer without your knowledge and collect as much data as possible.
The second threat professionals are concerned about is ransomware. It’s a specific type of malware program that takes hold of your device and locks you out until you pay a ransom fee.
Ransomware is closely followed by phishing attempts — one of the most common types of attacks. This one is particularly dangerous as anyone can be targeted. One employee could easily make a fatal error that compromises entire systems as soon as he or she opens an attachment from an infected spam message.
Other hacking concerns include account takeover and DDoS attacks, with the latter used to cause reputational damage to the organization or to generate financial gain for the hackers.
What Cybercrimes Do the Immediate Public Face?
According to the FBI’s Internet Complaint Center (IC3), phishing, payment scams, extortion, data breaches, and identity theft are the most prominent cybercrime complaints. What’s more, these crimes have drastically increased in number as the internet has continued to grow.
Phishing attempts are the most common cyberthreat people face. Every day, millions of us receive spam emails, suspicious text messages, and untrustworthy calls. IC3 noted a whopping 241,000 phishing-related complaints in 2020 alone. That’s twice as much as 2019!
Non-payment/non-delivery is a common e-commerce scam. It basically describes any situation where you pay for a service, but don’t receive any goods — or you sell a service, but don’t receive a payment. These scammers have been on the rise since more shops now operate online, with over 100,000 cases taking place in 2020.
What’s more, these crimes have dramatically increased in number as the internet has continued to grow.
Extortion includes digital ransom, data compromises, DDoS, and other forms of malicious attacks. The FBI report shows these attacks grew significantly: from 17,000 in 2016 to 77,000 in 2020.
Personal data breaches are less common than breaches on an organizational level. That’s because hackers can access data for millions of users at once when accessing a server.
That being said, personal data breaches are still a huge problem. 45,000 of them were reported to the IC3 in 2020.
Phishing attempts are the most common cyberthreat people must face. We all receive spam emails, suspicious SMS messages, and untrustworthy calls. IC3 noted a whopping 241,000 phishing complaints in 2020 — twice the figure of 2019.
Personal data breaches are less common than breaches on an organizational level given that hackers can access data for millions of users at once when accessing a business server. That being said, personal data breaches are a huge problem and 45,000 cases were reported to the IC3 in 2020. The leaks also often lead to identity theft since hackers steal enough personal information to create fake accounts in your name.
Breach Actions Over Time
Specific threats can compromise companies’ systems to access as much data as possible. The above threats are some of the top actions behind data breaches.
Phishing is the top breach method due to how easy it is to carry it out. Just 1 scam email template can be sent to millions of people, including employees. In fact, phishing attempts are even more common than stolen credentials. That’s because the latter requires more resources to either access a system’s database from previous hacks or buy them on the Dark Web.
When it comes to malware, ransomware, Trojans, password dumpers, and RAM scrapers are the 4 top choices in data breaches. Malwacre can be easily spread through phishing emails, which links directly to the most prominent threat.
Misconfiguration is considered a breach action variety, even though it’s not hacking related. That’s because it allows bad actors an easy access to databases that are left without any password authentication. Hackers don’t even need to do anything to steal user credentials that way.
Data Breach Entry Points
Let’s zero in on the biggest data breach entry points for malicious attackers. We know phishing and compromised credentials are two of the biggest causes overall. They feature again in IBM’s research.
However, IBM also highlights how vulnerabilities in third-party software are a big deal for hackers. Mobile and IoT devices (such as smartwatches, smart fridges, or fitness trackers), along with various web and mobile apps can provide a bounty of potential entry points for hackers.
Malware can be delivered through social engineering tactics, such as USB drops, malicious actors, system errors, and compromising business emails. Since 41% of businesses leave sensitive files unprotected and unsecured, it comes as no surprise that misconfigured cloud servers are such a popular target for hackers.
Hackers use a variety of methods to attack different industries. This means bad actors choose their tactics based on vulnerabilities specific to each sector.
Take the government and healthcare as an example. They’re most likely to be affected by ransomware that disrupts critical operations. Since they rely on access to their servers, they’re more likely to pay the required ransom to resume regular operations.
On the other hand, credential harvesting is the best way to attack retail, given the sector’s increasing reliance on eCommerce. IBM also observed that most spam attacks targeted the Education industry. This points to the sector’s low level of cybersecurity awareness.
Hackers Target Supply Chains
Hackers are not only targeting a company’s own systems in 2021. They’re now looking at that company’s supply chain to gain access to systems, devices, networks, and databases.
This is a relatively new development, too. Sonatype found that supply chain attacks targeting open-source software increased by 430% in 2020.
Malware: An Ever-Present Issue
As you’ve probably gleaned so far, malware consistently ranks as one of the top threats and cybersecurity concerns for businesses as it’s pretty effective at getting the job done.
What is malware though? At the very core, it’s any computer program designed to make someone’s day at work even worse than it already is. It downloads itself into your device and begins to spread viruses throughout its components. This includes ransomware, spyware, RAM scrapers, Trojans, and viruses.
However, new variants of malware continue to surface as businesses develop cybersecurity solutions to current applications. In short — hackers never rest and continue coming up with new ideas.
It’s essential for businesses to keep up because malware attacks are expensive. They cost an average of $2.4 million and take 50 working days to repair. This amounts to huge losses, including often irreparable reputation damage.
Top Hacking Malware
Speaking of malware: what malicious tools are hackers using? Botnets are currently leading the charts, as they’re involved in 28% of all network attacks. Also known as “robot networks”, botnets are a network of computers controlled by the same hacker or hacking group. They can be used for DDoS attacks, spam distribution, data breaches, and more.
A cryptominer is another type of botnet malware, but with a very specific purpose. Cryptominers recruit computers to mine for cryptocurrency. They constitute 21% of all network attacks and their prevalence is not surprising given crypto’s growing popularity.
Infostealers do exactly as their name suggests: steal your data. The most common infostealers are Trojans and keyloggers. The first one is supposed to collect existing details on your device, while the second records everything you type on your keyboard. Combined, they reveal your login credentials, payment data, and much more.
Top Three Vulnerabilities in 2020
Hackers continually exploit new vulnerabilities in devices as an entry point to hacks.
According to Checkpoint, these are three of the most commonly exploited vulnerabilities in 2020.
The first vulnerability was found in a Draytek Vigor router product line. A remote code execution vulnerability allowed unauthenticated hackers to take full control of systems. This vulnerability affected 27% of organizations in 2020.
The next vulnerability was found in F5’s BIG-IP — a networking device that allows users to manage their applications’ security, traffic, and performance. Hackers exploited a remote code execution vulnerability in the device’s Traffic Management User Interface (TMUI). This allowed hackers to gain full control over systems, often utilized by Chinese nation-state hacking groups.
The last vulnerability was discovered in several Citrix products. Citrix products allow users to network and access tools, apps, data visualization, and resources out of the office. As many companies moved towards a remote working model, hackers exploited issues with the products’ access controls and input validation, providing them with URL endpoints and information disclosure.
Ransomware Targets Specific Industries
Ransomware affects multiple industries since hackers target sectors that have a poor level of cybersecurity and/or rely on highly valuable and extensive customer data. This includes telecom & technology (75.4%), education (72.7%), finance (64.7%), and healthcare (59.4%).
Despite these stats, most businesses aren’t prepared for a possible attack. In fact, 50% of cybersecurity professionals believe their organization wouldn’t be able stop ransomware attempts. Without appropriate measures in place though, many companies face high recovery costs or even bankruptcy should they experience a cyberattack.
The higher the stakes, the more likely the ransoms are to be paid, which explains why ransomware attacks are very popular among hackers. Contrary to popular belief, the cost of downtime is more expensive than the ransom payment for many affected businesses. This is particularly true for healthcare, where patients’ lives can be lost when systems go down.
The Ransomware Cycle
With companies willing to pay an increasing amount to recover data, ransomware attacks are on the rise. Looking at the history of hacking and past trends, the possibility of being hit by a ransom attack is the highest ever, with one business experiencing it every 11s on average.
This endless cycle is motivating hackers to launch more ransomware attacks, so we’ll likely see more companies reporting losses in the future.
Ransomware Payouts Are Increasing
Hackers have been raising the price of their ransoms, too, as they become more certain that businesses will cough up the required amount.
Even though the ransom costs were high before 2020, they skyrocketed during the pandemic. That’s because of the wealth of important information circulating during COVID-19.
Certain sectors, such as healthcare and government organizations, were under immense pressure because of the pandemic. Any system downtime was critical, which encouraged hackers to charge significantly more: an average of $240,000 per attack. That’s a 33% increase compared to pre-pandemic years.
Phishing Is the Biggest Threat
Phishing attempts exploit human error and lapses in concentration. For all the cybersecurity tech businesses can integrate, human error is ever-present and unaccountable. Hackers will continue to utilize phishing as long as employees remain in the dark about its dangers.
Over 55% of IT decision-makers agree that phishing is the number one security threat they face. Concurrent with a general rise in cyber incidents and COVID-19-related scams, Symantec found that phishing attempts increased in 2020 after a period of decline. Currently, 1 in every 4,200 emails sent includes a phishing attempt.
The increase in phishing attempts stems from its effectiveness. Checkpoint research shows that scam emails are opened 30% of the time — and 12% of targeted users actually click on a malicious link!
Social Engineering and Phishing Volume
Proofpoint researchers dug a little deeper into how often companies are attacked with social attacks that aren’t standard email-based phishing attempts.
The data shows that a range of other social engineering attacks are almost as common. 6 out of 10 organizations saw attacks through social media and the same can be said for SMS-based phishing.
Vishing (i.e. voice-phishing over the phone) happens to 54% of organizations. Meanwhile, 54% of businesses experience USB-based attacks, such as USB drops.
What Do Phishers Want?
Phishers primarily aim to gather account credentials when carrying out attacks. Verizon found that credentials were compromised in 60% of phishing breaches in 2020. Cofense discovered that credentials were leaked in 70% of all phishing attacks – a decrease from 2019 (74%).
Phishers are also after you PII — data that could allow them to carry out several other fraudulent cybercrimes. Internal data is also of importance to your average phisher, as are industry secrets.
The importance of credentials and PII to phishers is reflected in the industries they target.
APWG found that payment companies (15.2%), financial companies (22.5%), and SAAS/webmail companies (22.2%) suffered the highest percentages of all phishing attacks.
On a side note, big hacking groups are often after other types of information. 96% of hacking groups use phishing for “intelligence gathering” (collecting internal secrets and classified information).
Top Cryptojacking Malware
Cryptojacking attacks are becoming increasingly common as crypto becomes a valuable and sought-after currency. Roughly a quarter of businesses have been hit with crytpojacking attacks.
XMRig is the dominant form of cryptojacking software, accounting for 35% of cryptomining incidents worldwide. Other popular cryptomining programs include JSECoin, Lucifer, WannaMine, and RubyMiner. Their popularity differs between regions though. For example, Darkgaet is more popular in the EMEA region, while NRSMiner is common in APAC nations.
Cryptomining malware is often distributed through applications which hide mining botnets in their code. In fact, 25% of WordPress plugins are thought to contain critical vulnerabilities that makes them susceptible to cryptojacking code. It’s a popular distribution method as you wouldn’t immediately know you’re a victim, which gives hackers enough time to gather substantial wealth using your device.
Most Common DDoS Attacks
Even though DDoS attacks are less common than phishing attempts, malware attacks, or ransomware, they still hit record numbers in 2020 and caused critical damage to businesses.
Netscout recorded no less than 10,089,687 DDoS attacks in 2020. That’s nearly 1.6 million more than in 2019. Over this period, volumetric DDoS attacks have been the primary method used by hackers. These overload a network with traffic in order to consume all of its bandwidth, essentially taking it down.
Protocol DDoS attacks are the second most common type. They overwhelm the connection tables within firewalls or routers by sending a large number of network packets. As a result, websites take too long to respond and often crash.
Application DDoS is the least common attack. It consumes all of the resources of the origin server, whatever that application may be. By peppering the server with illegitimate traffic, legitimate requests cannot be processed.
Multivector DDoS on the Rise
DDoS attacks increased by 55% between January 2020 and March 2021. Over 50% of incidents used multiple attack vectors, which means attackers utilized multiple different points of entry.
Multi-vector attacks are more complex and therefore harder to defend against. The average DDoS attack uses 1Gbps of data — enough to disable most small to medium-sized websites. From January 2020 to March 2021, the biggest DDoS attack measured 500Gbps and used 5 vectors. And the biggest DDoS event in 2020 affected Amazon. Arecord 2.3Tbps of data was used in the attempt.
This was Part 1 of our Hacking the World series.
Read on for Part 2: What’s Being Hacked (And What Changed with Covid).
Or jump ahead to the next parts:
Part 3: Who & Where – The Hackers and the Hacked
Part 4: The Cost & Future of Hacking (Plus: Safety Tips)