Data is a valuable asset to any company, large or small - therefore it is attractive to cyber criminals who are constantly finding new ways to gain access and abuse data records to make money. Our threat intelligence team recovered an impressive 7.7 billion (7,715,379,868) stolen records from 618 databases this year and as we enter the next decade, cyber attacks are set to increase in complexity and sophistication.
This article reviews 2019's most notable security threats and incidents as well as presenting a futuristic overview of cyber trends that may arise in the upcoming year.
2019 - what happened in cyber security this year?
A quick summary…
Limited for time? Here’s a quick summary of what we saw in the past year:
- Scams and phishing attacks increased (attacks on both individuals and companies)
- Ransomware/malware and DDos attacks on governments and private companies increased (for the purpose of stealing information and for ransom)
- Mobile device attacks using fake apps increased
- Misconfigured server attacks increased (data collection and demands for ransom)
- Sophisticated attack methods and continued use of vulnerabilities on different types of databases/websites using exploits
- Large-scale hacks attacks on governments and different critical infrastructures increased (attacks on power plants, medical institutions, vital objects for life..etc.)
- Increase in Business Email Compromise attacks
- Misuse of internal systems by employees
- Cyber espionage and trade in important information between large countries
- Competition and point scoring between rival hacker groups
Large-scale cyber attacks on government institutions and critical infrastructure - especially medical institutions
The healthcare sector has been targeted en masse by cyber criminals over the last year, suffering an unprecedented number of ransomware attacks. Factors such as outdated IT infrastructure and a lack of cyber security expertise and resources are likely to blame. Trojans such as Emotet and TrickBot caused considerable problems this year infecting a number of healthcare institutions. Cyber criminals also exploited third-party vendors and employees through phishing campaigns and succeeded in compromising more than 25 million records.
IBM reported that the healthcare sector had the uppermost data breach cost at $429 per record. The most notable security incident in the healthcare industry from this year is the American Medical Collection Agency breach which exposed medical and financial data of nearly 20 million individuals.
Our intelligence analysts believe that cyberattack techniques will become more sophisticated in 2020, making it challenging for healthcare institutions to protect themselves. However, based on this year’s trends, attacks will mostly target people, not just technology. Therefore an improved, employee-centered security approach is required to mitigate cyber risks.
For the past few years there has been an upsurge in the number of breached companies where criminals have succeeded in compromising valuable data. Information has ranged from the theft of medical information, account credentials, corporate emails and sensitive company data - however there has been a notable increase in business email compromise attacks.
Statistics show that data breaches exposed 4.1 billion records in the first half of 2019 alone (RiskBased) while the average time to identify a breach was 206 days (IBM). A comparison between the 2017 Verizon Data Breach Investigation Report and the 2019 version reveals that weak passwords remain the biggest cause of data breaches. However, the causes of data breaches seem to vary. Unpatched vulnerabilities represent a very common reason for compromised data; this was the cause of the Equifax breach, for example.
In other cases, misconfigured servers exposed sensitive data to cyber criminals. From a total of 668,254,250 compromised records recovered by DynaRisk in October 2019, over 50 million of them were from misconfigured servers. We also noticed a growth in the amount of information exposed by third-party apps this year.
Big data breaches in 2019
- “Collection #1” - 773 million records
- ElasticSearch - 108 million records
- Chinese Job Seekers (MongoDB data breach) - 202.7 million records
- Verification.io - 982.8 million records
- Breaches & collections by Gnosticplayers - 620 million records
- Third-party Facebook app - 540 million records
- Indian Citizens (MongoDB data breach) - 275.2 million records
- Canva - 137.7 million records
- First American - 885 million records
- Flipboard - 150 million records
- Capital One - 106 million records
- Orvibo Leaked Database - 2 billion records
- Social Media Profiles - 1.5 billion records
- Dubsmash -162 million records
- MyFitnessPal - 151 million records
- MyHeritage - 92 million records
- ShareThis - 41 million records
- HauteLook - 28 million records
- Animoto - 25 million records
- EyeEm - 22 million records
- 8fit - 20 million records
- Whitepages - 18 million records
- Fotolog - 16 million records
- 500px - 15 million records
- Armor Games - 11 million records
- BookMate - 8 million records
- CoffeeMeetsBagel - 6 million records
- Artsy - 1 million records
- DataCamp - 700,000 records
Ransomware attacks have continued to expand in 2019. Emotet-Trickbot-Ryuk, known as the ‘Triple Threat’, is considered to be the most successful ransomware campaign of 2019 in terms of the financial damage it has caused. Emotet is used as a dropper for the TrickBot trojan. TrickBot then steals sensitive information and downloads the Ryuk ransomware.
This year, threat actors not only focused on SMEs but also placed more effort into hitting large organisations. The goal has shifted towards scoring a huge payday by encrypting whole networks, not just a few PCs. Ransomware attacks are now capable of penetrating even the most advanced email security solutions with increased sophistication and automation, especially when it comes to the creation of Trojan variations.
The number of malicious actors impersonating companies in email-based malware campaigns soared in terms of both complexity and authenticity in 2019. Phishing kits available on the dark web, together with email addresses from breached databases, serve as the main reason for the notable upsurge. Large organisations such as Netflix, Thomas Cook, Amazon and HSBC have been spoofed by criminals during the last year, with the majority of criminals behind the scams being financially motivated. In the year to come it is especially important for consumers and employees to know how to recognise a phishing scam.
2020 - what to expect in the year ahead
AI used in Phishing
More sophisticated phishing techniques are expected to continue in the next year. Cyber criminals are shifting away from the scatter-gun phishing approach to specific, well-researched, bespoke emails, intelligently personalised to appear as genuine as possible.
Experts believe AI will be slowly introduced in the phishing process to develop highly targeted attacks by searching and collecting a vast amount of data in a space of short time. The information can then be used to predict online behaviours and spoof legitimate organisation in a convincing way, to trick customers into revealing sensitive information.
However AI can also be used as a dynamic security solution to minimise human errors and proactively monitor and fight advanced threats as well.
SMEs - a prime target
Verizon’s 2019 Data Breach Investigation Report revealed that 43% of 2019's cyber attacks focused on SMEs, and this number is expected to grow. Small businesses are less likely to have dedicated security resources and rely more on outsourced suppliers and software for their IT needs, which often leads to potential supply chain and infrastructure configuration vulnerabilities. Therefore, as new hacking technologies emerge it will be difficult for small businesses to stay on top of their cyber security risks without investing in in-house defense solutions.
Connectivity risky in the future
5G is set to grow in the next year, taking connectivity to the next level. Although 5G comes with opportunities for growth in many sectors, it brings new challenges for businesses in the cyber security space. The increase in the number of connected devices across the world will make it difficult for IT specialists to detect the vulnerabilities.
As enterprise collaboration platforms such as cloud devices and instant messengers help professionals to integrate their work, cyber specialists agree that these tools will be increasingly leveraged by attackers.
How to protect yourself against cyber threats in 2020
Education – a crucial factor
When it comes to cyber security, staying ahead of threats rather than reacting to them is always a more robust strategy. 2020 should be the year when organisations spend time and allocate resources into building resilient cyber security strategies. According to a study by IBM, human error is the cause of 95% of cyber security incidents. As malicious actors will always find new ways to compromise data, it is important that both consumers and employees are well-prepared to recognise and avoid scams.
Businesses should provide their employees with regular training, not just annually or during the induction process. Moreover, the strategy should go beyond the IT department making sure every employee has at least basic cyber security hygiene.
Tools that go beyond antivirus
With the right tools, the learning journey can be more engaging - cyber security needn’t be laborious and confusing. Our SME product can form part of a resilient cybersecurity strategy for your business, providing your employees with tailored tools and something tangible to work with. Alternatively, our home plans can protect you and your family against threats in ways antivirus can’t.
The cyber insurance market is rapidly growing and both small and large businesses across all sectors are beginning to acknowledge the value of cyber policies in today’s increasingly complex and high-risk digital landscape. Insurance companies can provide complex incident response strategies that comes to saving your company from cyber attacks. However, the level of risk will vary depending on a company’s internal and external factors. Cyber insurance is also becoming more widely available for consumers and as time goes by, it’s likely we’ll see cyber covered under home insurance policies.
Although cyber threats can be unpredictable, prevention is possible with the right infrastructure and training in place. Security solutions should be adaptable and empower employees to be productive, safe and collaborative. The tools available to consumers should also go beyond antivirus and address online behaviours. DynaRisk’s team is constantly working to provide relevant, effective and tangible solutions, which aim to protect your digital footprint over time.
Altogether, an exciting year lies ahead: new threats, challenges, and an increasingly connected world means the topic of cyber security will be on everyone’s agenda.