Hacking the World – Part 3: The Hackers and the Hacked
Each week in October, as part of Cybersecurity Awareness Month, we’ll publish an article packed with facts and stats, to give you an in-depth look at the state of cybersecurity in today’s world. We’ll start with the basics, then cover vulnerabilities, risks, costs – and much more.
Need a geographical breakdown of hacking? If you’ve read Part 1: Hacking Basics and Part 2: What’s Being Hacked (And What Changed with Covid) of our Hacking the World series, then Part 3 should help clarify the “who” and “where” of what’s happening in hacking globally.
For a refresher of key hacking terms and definitions, read our helpful cybersecurity glossary from Part 1.
The Hackers & the Hacked
Statistics on the individuals and industries targeted with cyberattacks, as well as the perpetrators who conduct them.
How Many People Get Hacked?
Inconsistencies in the identification, recording and reporting of data breaches since the beginnings of the internet make it almost impossible to know the total number of hacks (and exposed users) around the world in every past year.
For example, a lot of cybersecurity firms only analyze data on their clients and numerous nations/companies have inadequate cybersecurity practices.
That being said, the US has recorded cyber incidents since 2005, and, as one of the most attacked nations, the stats show a staggering amount of affected users.
Since 2005, nearly 2 billion sensitive US records have been exposed. That includes PII such as names, addresses, and credit card details.
According to the Privacy Rights Clearinghouse, over 10 billion US records have been exposed over that period in total.
Who is vulnerable to cybercrime? Fraud data from the Federal Trade Commission suggests older internet users are often victims.
According to Pew Research, younger age groups use technology more often than older adults, yet fraud complaints are less common in younger people.
Computer literacy is typically lower in older adults and the results suggest older age groups are more susceptible to cyberattacks and social engineering. While less active online, the 60-69 age group submitted the most fraud complaints in 2020.
Vulnerable Targets Inhibit Cybersecurity
No matter how advanced your business’s cybersecurity technology is, you can’t escape the human element.
Human error is a leading barrier to establishing effective cybersecurity programs. A low level of cybersecurity awareness, of course, opens the door for targeted social engineering attacks and lackadaisical cybersecurity hygiene. Educating employees is the best way to minimize this risk.
There is a noted scarcity of highly qualified cybersecurity professionals in 2021. The talent pool dried up as companies moved to invest in their security departments throughout the last 18 months, and this is now a major hindrance to businesses.
Poor integration between systems is another cybersecurity issue for businesses, while money is not the problem for the majority of IT departments.
Failure Rates Are a Vulnerability Indicator
Proofpoint crunched the numbers on their phishing simulation program to reveal the average “failure rate” by industry. The failure rate shows us how often organizations fail simulated phishing attempts.
Generally, industries that are targeted by phishing attempts more often undergo a higher level of testing and have more general experience with phishing messages. Educating staff is critical, which is why healthcare and government organizations actually have quite a low failure rate.
The data suggests those industries that are not targeted as often are indeed more vulnerable to phishing attempts. Engineering, telecom, and mining stand out as three sectors with high failure rates.
The Worst Affected Industries
Education organizations suffer successful cyberattacks more than any other industry, according to CyberEdge.
92.3% of education businesses suffered a cyberattack in 2020. Throughout the surveyed period, 90.3% of manufacturing companies and 87.4% of telecom & technology companies were cyber-attacked.
The finance and healthcare sectors are consistently earmarked as targeted industries, primarily due to their extensive stores of customer data.
These were two of the worst affected industries when we consider multiple breach incidents for each company. According to Verizon, 15% of all breaches involved healthcare organizations in 2020. 10% of all breaches affected financial companies, while 16% were public sector breaches.
Staffing Issues Cause Security Vulnerabilities
There are big issues in the world of cybersecurity employment. As the demand for cybersecurity professionals grows amidst rising cybercrime, there is a lack of talent available to fill the void.
The majority of teams report that they are understaffed. The cybersecurity talent crisis is nothing new, for that matter, and has been a prevalent issue for several years.
Worse still, this workforce shortage is directly impacting organizations. Over half of cybersecurity professionals claim their staff shortage is causing security risks. A high price to pay for a problem outside of most employers’ control.
The Biggest Hacking Breaches
These are the largest hacking breaches of all time. For the record, these only include breaches caused by hacking incidents — not through misconfiguration, lost devices, or other poor data security practices.
Yahoo is the largest hacking incident and one of the largest breaches. Hackers used malicious cookies to imitate user authentication and gain access to accounts.
An affiliate employee downloaded malware onto Alibaba’s system to scrape over 1 billion records in 2019, while hackers exploited a vulnerability in one of SinaWeibo’s websites to expose over 500 million records.
More than 500 million Facebook records were scraped due to a website vulnerability, and hackers were able to decrypt account credentials for almost every Friend Finder account after a network hack.
Malicious Attackers Cause the Most Breaches
There are three ways a data leak can occur: human error, a system glitch, or a malicious attack.
Bad actors are behind 52% of data breaches. The Middle East suffers worst from malicious attacks with bad actors at fault for 59% of breaches. 57% of breaches in Germany are malicious. Canada is the nation least affected by malicious breaches. In Canada, malicious breaches account for just 42% of all data breaches.
In a separate study from Verizon, hacking (45%) was found to be the top cause of malicious breaches. Social attacks occur in 22% of breaches, and 17% of breaches include malware.
The majority of malicious attackers are financially motivated. 53% of hackers compromise data for monetary gains, 13% are nation-state hackers, and another 13% are “hacktivists.”
Hacktivists are hackers that gain access to data or disrupt organizations to advance social/political motivations. A hacktivist could prevent a target company from continuing its business operations, or they could steal files related to their cause.
Nation-state hackers collect information and disrupt other organizations on behalf of an affiliated government. China, the US, and Russia are three nations that are known to use nation-state attackers.
According to IBM, nation-state attacks are the costliest due to the sensitive information they often target. Nation-state attacks cost, on average, $4.43 million per breach.
Top Income Sources for Hackers
Illegal online markets such as the “dark web” are the biggest source of income for hackers. Hackers will usually sell stolen data online to turn a quick profit, leaving fraud, scams, and other forms of targeted cybercrime to the buyer.
Trade secrets and IP theft also net a healthy profit for hackers. Although these are not found as easily as customer PII, when obtained, trade secrets and intellectual properties can be sold at a high price to rival businesses.
Nation-State Hackers: Getting Worse?
Nation-state attacks are rising exponentially following a prolific period of activity.
2020 was a marquee year for nation-state hackers. State-led hacking groups capitalized on a general rise in cybercrime to exact chaotic attacks across a variety of rival government institutions and industries.
In an HP survey, 64% of security experts think this upward trend demonstrates a “worrying” or “very worrying” escalation in global tensions. Wars are no longer fought on battlefields, it seems, but rather in the shadows of the online world.
Hacking Mercenaries: An Economy of Deception
Despite government ties, nation-state hackers are part of the cybercrime economy.
In Dr. Michael McGuire’s study for HP, 65% of security experts say they think nation-states are profiting from cybercrime. 58% go as far as saying nation-states are hiring cybercriminals to carry out attacks.
Nation-state hackers trade tools, data, and services online to fulfill the interests of their government. Nation-state hackers may even hire other hackers to conduct their attacks for them—a practice designed to keep the spotlight pointing in the opposite direction.
Whatever the reason, experts concede that state-sponsored groups are directly funding organized crime, all in the name of a cyberwar. Certainly not a good look for those nations allegedly involved.
Who Do Nation-State Hackers Target?
Perhaps surprisingly, nation-state hackers target enterprises more than any other target. Since 2009, 35% of nation-state attacks have disrupted businesses.
Cyberdefense is an expected target, accounting for 25% of nation-state attacks, while media and communications (14%), government institutions (12%), and critical infrastructures (10%) are three more areas of focus.
Top Hacking Groups
Big hacking groups have made an impact over the last few years. Between 2016 and 2018, the largest hacking groups attacked around 55 institutions on average.
Nation-state hackers like the USA’s “Equation Group” or Russia’s “Fancy Bear” have been locked in a “cyber-war,” with both entities launching huge political attacks. Although Iranian hackers officially attacked Iran’s nuclear program, the Equation Group is thought to have helped develop the Stuxnet program that brought it down.
Lizard Squad was notorious for hacking systems for “fun,” while Anonymous has pulled off numerous acts of protest through hacking. Anonymous’ hack on Minneapolis P.D. following the murder of George Floyd is one recent and notable incident.
The majority of hacking groups are financially motivated. REvil is one such group. REvil received an $11 million ransom payment from its attack on JBS. They also conducted an effective breach on security company Kaseya, accessing systems for over 1,000 businesses.
However, REvil also demonstrates how hacking groups can go missing under pressure from authorities. Lizard Squad was disbanded in 2015 and all REvil sites have disappeared since the US urged Russia to take action.
Most Famous Hacking Whistleblowers
Three huge cybersecurity incidents have shaken the world over the last decade.
Edward Snowden stole and leaked groundbreaking revelations on the state of online privacy back in 2013. Though not strictly a “hacking” incident, Snowden exposed American data collection practices that changed the way we think about cybersecurity and online surveillance.
Julian Assange’s WikiLeaks releases classified information from unspecified sources. Much of the data has been hacked or stolen from databases and includes infamous footage of US Apache pilots gunning down civilians and references to US Army intelligence.
John Doe is the person behind the Panama Papers — a leak that exposed the greedy practices of the rich and politically privileged alike. The files included ways people managed to launder money and avoid tax.
The “where” of cybersecurity and hacking. Specifically, “where are hackers from?” and “where do hackers focus their attacks?”
Which Nations Have the Best and Worst Cybersecurity?
The Global Threat Index outlines the nations most open to cyberattacks based on their network traffic, attack traffic, and vulnerabilities.
The data is consistent with research from the International Telecommunication Union (ITU).
The ITU found that Mexico, Mongolia, Afghanistan, Pakistan, Burma, and Ethiopia are all vulnerable to hacking attempts. Mexican companies have one of the worst levels of cybersecurity out there. Mexico ranked 52nd in the ITU’s Global Cybersecurity Index (GCI).
On the other side of the coin, ITU ranks the United States as the nation with the very best cybersecurity. The US scored a perfect 100 GCI score. US companies invest heavily in cybersecurity to combat a large proportion of hacks.
Other top nations include the United Kingdom, which had the second-best GCI score (99.54), and Saudi Arabia, which tied for second with the same score. Estonia (4th), South Korea (5th), Singapore (6th), Spain (7th), Russia (8th), UAE (9th), and Malaysia (10th) round out the top 10.
Cyberattack Success Around the World
Colombian companies experience successful cyberattacks at a frighteningly high percentage. In Colombia, poor levels of cybersecurity mean the vast majority of businesses are an easy target for hackers.
91.5% of Chinese companies are successfully cyberattacked and the same figure is true for German companies. There are high volumes of cyberattack attempts in these two nations.
Mexican companies, like Colombian companies, are targeted with success due to their low cybersecurity ranking.
The US ranks 6th. American companies have a strong level of cybersecurity but the sheer volume of attacks US companies face ranks the nation high on this list.
Most Significant Attacks
The United States suffers more significant cyberattacks, defined as hacks that expose records causing $1 million of economic damage or more, than any other country.
The USA is one of the most targeted nations by hackers of any motive. This is hardly surprising considering the huge economic, political, and cultural impact America has around the world.
US organizations have suffered more significant cyberattacks over the last 15 years than UK and Indian institutions combined. 2018 was the worst year for significant cyberattacks in the US with 30 total hacking incidents.
One of 2020’s major incidents occurred in June when Indian human rights activists were targeted with malware.
Germany is another nation that is frequently attacked. German organization Funke Media Group was hit with a ransomware attack in December 2020 which infected 6,000 company computers.
Which Regions Suffer the Most Cyberattacks?
IBM broke down the regions in which they’ve seen malicious cyber activity in 2020.
North America, Europe, and Asia all suffered a similar amount of attacks. North America was targeted far less often than normal, however, falling from nearly 45% of breaches in 2019.
Europe was the most attacked region, accounting for over 30% of cyber incidents in 2020. That figure has inflated since 2019 when Europe accounted for around 20% of attacks.
Asia was third, targeted by 25% of the incidents observed in IBM’s study.
Which Nation Has the Most Data Centers?
America has the largest volume of data centers in the world. In fact, the nation has over five times as many data centers as the next closest country, the United Kingdom.
America is an economic powerhouse, home to data-fueled industries and some of the biggest tech brands across the globe. It’s no surprise, then, that the United States requires a sea of data centers to process applications, transfer data, and store information. No wonder the nation is a popular target for cybercriminals.
America dominates the “hyperscale data center” category too—these are massive facilities used by the likes of Google, Facebook, and Amazon. 39% of hyperscale data centers reside within the US as of Q4 2020. The next closest country is China, which has a 10% share of all hyperscale data centers.
Threat Categories Around the World
Check Point’s data gives us a glimpse into the leading malware categories for each region.
Generally, organizations in the Asia-Pacific region are hacked with malware more than in any other area of the world. Botnet was the leading category. 30% of APAC companies suffered a Botnet attack in 2020.
The results are consistent across all regions: Botnet is the most prevalent malware, followed by Cryptominers, Infostealer, Mobile, Banking, and Ransomware.
Data Breach Cost by Region
A data breach can vary in cost across different regions.
Data protection legislation has a part to play. GDPR and the Federal Trade Commission are known to dish out some of the strictest punishments, and it’s no surprise to see the United States and a host of European countries at the top of this list.
However, there are more factors to consider. Data breach cost is heavily influenced by the severity of the data breach: the number of records leaked, the number of people affected, and the length of downtime.
The US suffers the biggest cyberattacks and therefore tops this list. The Middle East, Germany, and Canada all experience high levels of cyber activity, too.
Data Protection Around the World
Europe leads the world with its data protection laws, known as GDPR.
Africa has the second-highest number of countries with data protection laws, followed by the Americas, Asia, the Arab States, and the Commonwealth of Independent States.
The rise in cybercrime felt during the COVID-19 pandemic has been a stimulus for a greater adoption of data privacy regulations around the world. 133 nations registered data protection laws in 2020 and a further 15 are drafting new legislation.
Currently, 46 nations do not have data protection legislation in place.
Where Are Hackers From?
Akamai has the most recent study into the origins of cyberattack traffic. The results of the study are to be expected: China dominates the hacking landscape with 41% of all hacking activity.
The United States and Russia also feature high on the list. There are a couple of unexpected additions, however. Turkey features third in Akamai’s study with 4.7% of the world’s hacking activity. Meanwhile, Taiwan and Romania are two smaller nations that many may not have anticipated making it into the top ten.
Cybersecurity Staffing Gap by Nation
Some nations are suffering from the cybersecurity staffing shortage more than others.
The likes of Canada, Australia, and the UK have smaller cybersecurity workforce gaps than other nations, though the deficits in each of these countries still represent a significant total.
Mexico, Japan, Germany, and Brazil are four nations in desperate need of talent to bolster cybersecurity teams.
The United States, however, is faced with the biggest cybersecurity workforce gap. Almost 880,000 cybersecurity professionals are still not enough to fight high levels of cybercrime throughout the country, with more than 350,000 additional cybersecurity employees required to bridge the personnel gap.
Cybersecurity Staffing Gap by Region
So, which regions are desperate for cybersecurity professionals?
Despite problems in the US, North America is in better shape than Latin America and Asia-Pacific. Two-thirds of the global demand for cybersecurity staff comes from organizations in the APAC region—a staff shortage of over 2 million.
Altogether, there are 3.12 million open cybersecurity positions in organizations across the world. This total has, at least, decreased slightly in recent times, falling from a global workforce gap of 4.07 million in 2019.
The Source of Spam
Now let’s turn our attention to spam mail and phishing messages — all of us have to deal with spam on a daily basis, so it helps to know where it’s coming from!
Russia is the king of spam. While a large portion of spam messages originate in China and the US, Russia sends more spam than anyone else, accounting for 22.47% of spam messages.
GDPR Hot Zones
Which European jurisdictions are enforcing the General Data Protection Regulation (GDPR) with sanctions?
Italy is currently leading the way with nearly €80 million of GDPR fines. Germany, one of the hotspots for data leaks and cybercrime throughout the EU, isn’t far behind. Elsewhere, France, the UK, and Spain have all issued large totals of fines.
That being said, EU nations have been criticized for failing to enforce GDPR with significant punishments. That may be about to change: Luxembourg recently fined Amazon a record €746 million for multiple breaches of GDPR. Should Amazon fail with its appeal, Luxembourg’s fine could go down as one of the largest data protection sanctions of all time.
Who’s Investing in the Cybersecurity Arms Race?
A “cybersecurity arms race” is taking place in major economies such as the US, China, Russia, and the EU.
Why? Governments are realizing the importance of cyber defense, as well as building their own arsenal of deterrents, amidst rising tensions. People are calling the spate of recent nation-state attacks a “cyberwar.”
It’s clear that hacking and cyberattacks are an ever-growing threat to international security. According to HP, 70% of security experts believe a “cyber-treaty” is needed between states to stop things from getting out of hand. A further 30% don’t think that such an agreement will ever come to fruition.
This was Part 3 of our Hacking the World series.