Hacking the World – Part 2: What’s Being Hacked (And What Changed with Covid)
Following Part 1: Hacking Basics of our Hacking the World series, in Part 2 we’re focusing on what exactly is being hacked – from data to devices and applications. And, extending a nod to the impact the pandemic has had, we’ve also included several facts about hacking during times of COVID-19.
Need a refresher of key hacking terms and definitions? Read our helpful cybersecurity glossary, which we published in Part 1.
Risk Data, Devices & Applications
The data, devices, and applications that hackers target with cyberattacks, and the methods they use to conduct these attacks.
Financial Records Are Vulnerable
Companies collect a treasure trove of sensitive customer data: names, addresses, bank details, credit card information, even medical records. All of this information is readily available to employees and poorly protected more often than not.
This is music to the ears of your average hacker. Financial data is valuable and can allow criminals to carry out any number of fraudulent activities.
The vulnerability and value of financial records explain why finance companies were such a common target during COVID-19. As employees worked hard to soften the ensuing economic turmoil, cybercriminals were busy leveraging phishing attempts, hacking systems, and capitalizing on employee errors.
Globally, the financial sector experienced a 238% increase in cyberattacks from February 2020 to the end of April 2020. Altogether, nearly three-quarters of financial companies were attacked in 2020.
Losing financial records is costly. According to the Ponemon Institute, cyberattacks cost the average banking company $18.3 million in 2020.
Financial Data Leaks: Root Causes
Hackers exploit web applications, miscellaneous errors, and “everything else” (including phishing and social engineering) in 81% of financial data breaches.
According to Verizon data, financial industry breaches are caused by external actors 65% of the time and internal actors 35% of the time. Breaches are financially motivated in 91% of cases — that means hackers are, for the most part, targeting financial records.
Hackers have many ways to steal financial data: processor breaches, hacked merchants, hacked eCommerce sites, insider threats, malware, phishing, hacked ATMs, and point-of-sale hacks (i.e. hacked online checkout portals).
In the financial industry, hackers are making off with customer credentials in 35% of successful hacks and bank details in 32% of cases. At the very least, hackers gain access to PII (77% of breaches).
Healthcare Records Are Valuable
Healthcare records are targeted by hackers because of their high value.
Medical records feature a long list of unchangeable customer PII: names, dates of birth, social security numbers, medical histories, and employment histories.
Stolen medical records can fuel attacks for several years, unlike records such as payment card information, which are usually no longer useful after a single fraudulent attempt.
Healthcare Record Exposure: Root Causes
Hacking is the number one cause of data breaches in the healthcare industry. Valuable medical records are the target of hacks in the majority of cases.
Hacking incidents caused 67% of OCR-published healthcare breaches in 2020 and were responsible for 92% of breached records.
This is a prevalent issue that only seems to be getting worse. Verizon notes that healthcare data breaches increased by 58% in 2020, a year that saw 30 million healthcare records exposed in OCR-published breaches alone.
So how are hackers stealing medical records? Tenable research notes ransomware is the biggest threat to healthcare data. In 2020, ransomware attacks cost US healthcare institutions $20.8 billion.
Record ID Theft and Fraud Complaints
Hackers can carry out an array of fraudulent activities and different types of identity theft with medical records and financial records. The FTC received a huge increase in complaints in 2020. In particular, 1.4 million complaints were noted as identity theft, while 2.2 million public complaints referenced fraud.
U.S. losses from identity theft increased 42%, rising from $502.5 billion in 2019 to $712.4 billion in 2020. Three types of identity theft were most prominent in 2020: Government benefits applications, credit card fraud, and miscellaneous ID theft (i.e. online shopping/payment account fraud, email/social media fraud, medical/insurance/securities account fraud) accounted for the vast majority of reports.
Which Components Are Vulnerable?
Now let’s take a look at the most vulnerable devices, applications, and systems that hackers can target.
Mobile devices and IoT devices have a high risk of suffering a cyberattack.
Mobile devices often run outdated security technology (older versions of Android and iOS are particularly vulnerable). They can suffer malware attacks from malicious apps or smishing attempts. In a Verizon study, 90% of companies suffered a mobile device compromise in 2020 and rated the effect “moderate” or worse.
IoT devices (everyday objects with embedded microchips) may even lack cybersecurity features completely. IoT describes the “internet of things” — networks of physical objects interconnected with microchips, such as smart heart sensors that relay data back to doctors.
What’s more, these devices are wildly unprepared to defend against the threat of hackers. The vast majority of sectors rate their IoT devices as “inadequate” to some degree.
Palo Alto calculates that 57% of IoT devices are potentially vulnerable to hackers. In a Forrester survey, 84% of cybersecurity professionals believe computers are less vulnerable to hacking than IoT.
This explains why hackers regularly focus on IoT devices. IoT attacks rose by 35% in 2020 compared to the second half of 2019.
IoT: Areas for Improvement
IoT devices lack basic cybersecurity elements, and that absence makes them vulnerable to attack.
Authentication features are the primary area in need of improvement. It’s simply too easy for hackers to gain access.
Access control features need to be updated, too, while data encryption should be far better.
Top Mobile Malware
Mobile malware is a concern for mobile device users.
Mobile malware can be installed on the user’s device through phishing attempts, malicious ads, or even mobile apps. In fact, 99.9% of discovered types of mobile malware can be found in third-party app stores.
Hiddad malware is the number one threat to mobile users. Hiddad is trojan adware that disguises itself inside various advertisements.
xHelper, Necro, and PreAMo are three mobile trojans used by hackers the world over. xHelper is a trojan that poses as a cleanup app, PreAMo is another ad-clicking trojan, and Necro is a bot that often hides inside applications.
There are also regional differences: Lotoor mobile malware is more common in EMEA and the Americas, while Guerrilla is more common in APAC.
Smishing Attempts Affect Mobile Users
We’ve all received those annoying phishing texts: “Your parcel is arriving: Click this link to track your order.” SMS phishing is called “Smishing,” and, as things turn out, mobile users are targeted with this phishing method more than any other.
Mobile phone attacks got worse in 2020, too, as phishers leveraged COVID-19 related attacks targeting vulnerable users. Smishing attacks grew 328% in 2020.
According to NextCaller, 44% of US citizens reported an increase in scam phone calls and text messages at the beginning of the COVID-19 pandemic.
Elsewhere, social media attacks and email attacks were two more big phishing threats for users of phones, tablets, and other mobile devices.
Application Attacks Are “Concerning”
Web and mobile applications are vulnerable to credential-based attacks and PII harvesting.
Card/payment fraud is also of concern to IT professionals running web and mobile applications. Ad-clicking trojans are another prominent threat.
Malicious Apps: More Common Than You Think
Malicious mobile apps are shockingly common in 2021.
Secure-D blocked over 1 billion malicious mobile transactions in 2020. That’s 95% of all mobile transactions, totaling $1.3 billion in worth.
Over 45,000 malicious apps were identified. Gaming apps, tools & personalization apps, and entertainment & lifestyle apps were the three most frequently identified categories of malicious apps. These were found on Google Play or on third-party app stores the majority of the time.
Web Applications Are Targeted More Than Ever Before
Web applications, for that matter, are a fashionable target for hackers attempting to expose data. Verizon noted that attacks on web applications were part of 43% of data breaches in 2020. That means web apps are targeted twice as often as they were in 2019.
This makes complete sense. As workers moved out of the office and into remote work, the use of work collaboration and networking web applications has increased massively.
Hackers have simply chased users onto the platforms they’re using most.
Stolen credentials and app vulnerabilities were the two methods hackers used to exploit web applications.
Phishing Websites Are Getting Smarter
A word on phishing sites, which are becoming more advanced with every passing year.
Over the past few years, there have been tell-tale identifiers of a “secure” website: if the URL starts with “https” rather than “http,” or the browser shows a padlock symbol, the site has an SSL/TLS certificate.
So does SSL identify a website as “secure”? Phishing sites are increasingly obtaining SSL certificates of their own: more than 80% of phishing sites featured an SSL certificate in Q4 2020.
This is dangerous. A certificate only proves that the connection is encrypted to whoever controls that domain, not that the domain’s owner is trustworthy, so the padlock lends fraudulent sites an appearance of legitimacy and boosts their effectiveness.
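As an added illustration that is not part of the original article, the following Python function separates what the padlock actually certifies (an encrypted connection to whoever controls the registrable domain) from the brand a URL appears to show. The brand list, the homoglyph table and the sample URLs are constructed for the demo; real code would use the Public Suffix List rather than the naive last-two-labels rule.

```python
from urllib.parse import urlparse

# Constructed brand list for this illustration; a real deployment would use its own
# list of protected brands and the Public Suffix List for registrable domains.
PROTECTED_BRANDS = {"paypal": "paypal.com", "microsoft": "microsoft.com"}

# Digit-for-letter swaps commonly used in lookalike hostnames (constructed table).
_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def registrable_domain(host: str) -> str:
    """Naively take the last two labels (real code should consult the Public Suffix List)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def assess_url(url: str) -> dict:
    """Separate what the padlock certifies from what the URL appears to claim."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    domain = registrable_domain(host)
    # Search the whole authority (including any user@ prefix) and the path for
    # brand names after undoing hyphens and digit-for-letter swaps.
    folded = (parts.netloc + parts.path).lower().translate(_HOMOGLYPHS).replace("-", "")
    impersonated = [brand for brand, legit in PROTECTED_BRANDS.items()
                    if brand in folded and domain != legit]
    return {
        "encrypted": parts.scheme == "https",  # all a certificate/padlock guarantees
        "registrable_domain": domain,          # who actually controls the site
        "impersonates": impersonated,
        "suspicious": bool(impersonated),
    }

# Constructed sample URLs (none are real sites).
SAMPLES = [
    "https://www.paypal.com/signin",
    "https://paypal.com.account-verify.example/login",
    "https://paypa1-login.example/",
    "https://paypal.com@evil.example/",
    "http://news.example/covid",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, assess_url(u))
```

Every sample except the last reports `encrypted: True`, yet three of them are flagged because the registrable domain is not the brand they display.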
Email: You’ve Got Malware
Email is an easy way for hackers to deliver phishing messages because it’s often readily available. Most people have an email address in plain view on social media sites, especially in a professional capacity, and data breaches leak email addresses all of the time.
Email phishing attempts still require victims to take some kind of action. 95% of emails containing malware need a user to do something, such as click a link or provide information.
The best way to avoid phishing attacks, then, is to do nothing at all, especially if you think the email is suspicious.
Business Email Compromise: Top Subject Lines
Employees are frequently targeted with phishing attempts via email as hackers try to gain access to sensitive company files and systems. This is called “business email compromise” (BEC).
BEC attacks use urgent requests, payroll scams, and gift-card scams in 97% of cases.
Urgent requests, in particular, account for 85% of BEC attacks. 59% of urgent requests ask employees for help while 26% ask if they are available.
There are some key differences between BEC attacks and general phishing attempts.
Barracuda found that subject lines referencing financial topics are more common overall: “Payment status,” “purchase,” “invoice due,” and “payroll” all feature in the top 12 phishing subject lines affecting all users.
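To show how the BEC indicators described above (financial subject lines, urgent “are you available” / “need your help” requests, gift-card lures, and an executive’s name on an outside address) can be turned into a mail-filter heuristic, here is an added Python example that is not from the original article. The message keys, weights, executive list, internal domain and sample messages are all constructed assumptions.

```python
import re

# Lures the article names: the financial subject lines from Barracuda's top-12 list,
# the "need your help" / "are you available" urgent requests, and gift-card scams.
FINANCIAL_TERMS = ("payment status", "purchase", "invoice due", "payroll")
URGENCY_TERMS = ("urgent", "asap", "right away", "are you available",
                 "need your help", "can you help", "quick favor")
GIFT_CARD = re.compile(r"\bgift\s*cards?\b")

def _domain(addr: str) -> str:
    """Domain part of 'Name <user@host>' or 'user@host'; empty if none."""
    m = re.search(r"@([\w.-]+)", addr.lower())
    return m.group(1) if m else ""

def score_message(msg: dict, internal_domain: str, executives: set) -> tuple:
    """Weight the BEC indicators in one parsed message; returns (score, reasons).
    Keys 'from', 'from_name', 'reply_to', 'subject', 'body' are assumed."""
    subject = msg.get("subject", "").lower()
    text = subject + " " + msg.get("body", "").lower()
    score, reasons = 0, []
    if any(t in subject for t in FINANCIAL_TERMS):
        score += 2
        reasons.append("financial subject line")
    if any(t in text for t in URGENCY_TERMS):
        score += 1
        reasons.append("urgent help/availability request")
    if GIFT_CARD.search(text):
        score += 2
        reasons.append("gift-card lure")
    from_domain = _domain(msg.get("from", ""))
    # A known executive's name displayed on an address outside the company.
    if msg.get("from_name", "").lower() in executives and from_domain != internal_domain:
        score += 3
        reasons.append("executive name on external address")
    reply_domain = _domain(msg.get("reply_to", ""))
    if reply_domain and reply_domain != from_domain:
        score += 2
        reasons.append("reply-to domain differs from sender")
    return score, reasons

def is_likely_bec(msg: dict, internal_domain: str, executives: set, threshold: int = 3) -> bool:
    return score_message(msg, internal_domain, executives)[0] >= threshold

# Constructed sample messages for the demo (not real mail).
EXECUTIVES = {"dana lee"}
INTERNAL = "corp.example"
SAMPLES = [
    {"from_name": "Dana Lee", "from": "dana.lee@gmail-mail.example",
     "subject": "Quick favor", "body": "Are you available? I need your help with gift cards today."},
    {"from_name": "Accounts", "from": "billing@vendor.example", "reply_to": "pay@other.example",
     "subject": "Invoice due", "body": "Please process payment asap."},
    {"from_name": "Dana Lee", "from": "dana.lee@corp.example",
     "subject": "Team lunch", "body": "Thursday at noon works for me."},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["subject"], score_message(m, INTERNAL, EXECUTIVES))
```

The first two samples score 6 and 5 and cross the threshold; the genuine internal message scores 0 because the executive’s name appears on the company’s own domain.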
Social Media Is Untrustworthy
Social media sites have been somewhat of a data privacy nightmare over the last few years.
Users often highlight the intrusive data collection and sharing practices of social media providers and these sites often contain a number of cyber risks.
Phishing messages, fake accounts, and fraud are big issues. In fact, the RSA’s 2020 report found 500 social media groups dedicated to fraud. These groups contained some 220,000 members – 60% of which were on Facebook.
Fake accounts are one source of malware. 12% of phishing URL clicks come from social media users, and 20% of social media malware infections originate from site plugins or add-ons.
Perhaps the biggest worry for social media users is that their account credentials may have been leaked…
Which Accounts Are Often Compromised?
Billions of user records have been exposed by data handlers over the last few years.
Social media sites are particularly guilty of mishandling the data of billions of users. The likes of Facebook, Instagram, Twitter, and LinkedIn have all suffered damaging data leaks. As recently as June, LinkedIn leaked records affecting 700 million of its users.
Other significant social breaches include Facebook (2019, 533 million users) and Sina Weibo (2020, 538 million accounts). Adult Friend Finder’s 2016 leak impacted 412.2 million users with account credentials among the compromised data.
This explains why 51% of account takeover victims have suffered social media account takeover. Banking accounts make up 32% of cases and e-messaging services are the third most frequently compromised account, affecting 26% of victims.
Threats to the Public Cloud
Data collection is becoming customary as businesses move towards greater personalization and AI analytics. Companies hire servers from public cloud providers to store all of this customer data.
Hackers want this data for themselves and they pinpoint vulnerable servers. This is why 75% of cybersecurity professionals say they’re “very concerned” about cloud security.
There’s a distinct lack of qualified cybersecurity professionals at the moment and for many businesses, public cloud servers are a relatively new concept. This leads to human errors, such as platform misconfiguration, which can provide easy access to hackers and land businesses with hefty data protection fines. No wonder the cloud is a concern.
Attackers took advantage of vulnerable employees and servers during the onset of COVID-19 and remote work. Cyberattacks on cloud-based data stores grew 630% between January and April 2020.
The COVID-19 Effect
COVID-19 has added various cybersecurity challenges to businesses.
The shift towards remote working has opened up plenty of opportunities for hackers to target web applications and employees on insecure home networks.
Hackers have been able to leverage COVID-19-related scams, and certain sectors have been especially vulnerable to cyberattacks as they focus on the pandemic.
COVID-19 Increased Cybercrime
The COVID-19 pandemic prompted a 600% increase in cybercrime. In fact, 4 out of 5 chief information security officers (CISOs) say cyberattacks increased following the move to remote work.
Every threat imaginable surged during 2020, from phishing to malware to DDoS attacks.
According to Deep Instinct, malware attacks soared by a staggering 358% overall while ransomware attacks grew 435% compared to 2019.
DDoS attacks increased 55% between January 2020 and March 2021, and DDoS attack frequency was up 20% in 2020 compared to 2019.
While cyberattacks increased in frequency, IBM’s graph shows that hackers chose ransomware more than any other attack type in 2020.
The shift towards remote work suggests cyberattacks will only continue to rise. According to Malwarebytes, remote workers have been the root cause of a data breach in 20% of businesses.
Remote Work Impacts Cybersecurity
Remote working does not only provide hackers with plenty of targets to exploit: remote working increases the time it takes for organizations to respond to a cyberattack as well.
In IBM’s study, 54% of organizations required a remote workforce in response to the COVID-19 pandemic. Of these organizations, 76% believe remote working increases the time it takes to identify and contain a data breach.
That’s because organizations struggle to identify endpoints with so many employee laptops, computers, tablets, mobile devices, and IoT devices now in use.
Furthermore, the time it takes to detect a breach is one of the most important factors behind breach cost, second only to the cost of lost business. This is why 70% of organizations think remote working increases the cost of security breaches. IBM found businesses with a remote workforce incurred, on average, $137,000 higher costs per data breach.
Hackers Leveraged Scams and Malware
ENISA researchers identified spam as the most popular threat leveraging COVID-19 and any related themes. Spam mail accounted for 65.7% of COVID-19 related threats, and 26.8% of these emails contained malware.
In March, scams increased by a whopping 400%. COVID-19-related cyberattacks increased a further 30% in May 2020 compared to April, rising to 192,000 attacks per week.
Google was blocking record numbers of pandemic-related malware and phishing emails, too: 18 million of them in April 2020. By the end of the summer, the FBI stated it had seen 12,377 different types of COVID-related scams.
What Malware Did Hackers Use During COVID-19?
Different malware families were “in vogue” at different stages of the pandemic. Ursnif was one of the first malware families used in conjunction with COVID-related scams. Fareit and TrickBot were two more popular malware families used during the pandemic: Fareit is a credential stealer, while TrickBot is a banking and data-theft trojan.
COVID-19 Ransomware, Emotet, and Azorult were three of the most damaging malware families leveraging the pandemic. COVID-19 Ransomware was used to hold major organizations to ransom over their data, Emotet sends COVID-related phishing emails to a victim’s contacts, and Azorult steals credentials and other information once downloaded.
Popular COVID-19 Related Scams and Hacks
As of August 5th, 2021, the US Federal Trade Commission (FTC) has received over 570,000 complaints of COVID-19 related scams at a total cost of $519 million. Three-quarters of these scams involve fraud or identity theft.
Phishing attempts referencing the COVID-19 vaccine are among the most common complaints. These messages usually imitate big health organizations and often reference vaccine coverage, locations to get vaccinated, methods to reserve a vaccine, and vaccine requirements.
Malicious websites can take advantage of people’s COVID-19 fears and concerns by offering information on news, vaccines, testing results, and other resources. Ultimately, sites want to infect users with malware or retrieve credentials/card details.
Lastly, unemployment scams exploit vulnerable people by referencing unemployment benefits or the promise of cash prizes. However, their only goal is to defraud people.
Hacks and Vulnerabilities Involving COVID-19 Data
Institutions handling the response to COVID-19 have been the focus of many hacking groups throughout the pandemic. Some organizations have been hacked outright, while others have exposed data through vulnerabilities in their websites or applications.
Hacking groups targeted COVID-19 vaccine research in 2020. The European Medicines Agency (EMA) breach is perhaps the best example of a successful hacking attempt. Hackers accessed files on the Pfizer-BioNTech vaccine stored by the EMA during an evaluation.
Some big vulnerabilities may have given hackers access to large amounts of data, too. The PUA breach exposed applicant data through a website vulnerability, and the US disaster loans application program leaked PII through its website’s EIDL application portal.
Meanwhile, programmers discovered a dangerous RCE vulnerability in Germany’s Corona-Warn-App – one of many COVID-19 apps found with security vulnerabilities.
Target Industries of COVID-19 Cybercrime
The financial industry was the most targeted sector in 2019 and this didn’t change in 2020.
Elsewhere, the manufacturing and energy sectors ranked as prevalent targets during COVID-19 after being the 8th and 9th most targeted industries in 2019. These are critical industries that were still operating during the pandemic.
Retail was ranked as the 4th most targeted industry, falling from 2nd in 2019. Meanwhile, healthcare rose from 10th in 2019 to account for the 7th most incidents analyzed in IBM’s 2020 review.
Spending Increased in Response to the Pandemic
As cyberattacks ravaged numerous industries, businesses had no other option than to increase their cybersecurity spend.
We see this trend in the upward trajectory of cybersecurity budgets. In a CyberEdge survey, 86% of IT professionals claimed their organization was now placing greater emphasis on cybersecurity investments. Over 50% believe their business has heavily reprioritized cybersecurity — a significant response to a significant issue.
This was Part 2 of our Hacking the World series.
Read on for Part 3: Who & Where – The Hackers and the Hacked.