[BreachExchange] Cyber Security Facts That Need To Be Seen To Be Believed

Audrey McNeil audrey at riskbasedsecurity.com
Tue May 30 19:41:32 EDT 2017


In light of recent catastrophes, cyber security is a hot topic and each day
the industry grows larger and more dramatic. The latest statistics show
that there has been an astronomical growth in the amount of malware being
launched — up to 230,000 samples every day. While cybercrimes many times
target celebrities, banks, and corporations, individual users are also
victims of hackers. The information security landscape is constantly
changing, but here are a few cyber security facts that need to be seen to
be believed.

Costly Computer Viruses
There have been multiple viruses such as ILOVEYOU, Conficker, and Code Red
that have each amassed damage costs of a few billion dollars. Even more
widespread and self-replicating was SoBig. This worm and Trojan camouflaged
itself as something other than malware, spread via spam emails, and
resulted in $37 billion in damages. Topping the list, MyDoom was unearthed
in 2004 and led to over $38 billion in damages. The virus targeted the
Microsoft Windows Operating System, infected an estimated 25% of all
emails, and is considered the most damaging computer virus to date.

Exploit Kits and Software Vulnerabilities
Did you know that a hacker can obtain full access of your computer with a
single click on an infected advertising banner? The vulnerabilities are
linked to software such as Adobe Reader, Mozilla Firefox, or Oracle Java,
meaning that since the majority of computers have these programs, the
majority of computers are vulnerable to exploit kits. In 2006, MPack was
released by Russian software crackers and infected up to 160,000 PCs,
including those of the Bank of India, with keylogging software.

Social Engineering
In terms of information security, social engineering is the psychological
manipulation of people that leads to individuals divulging confidential
information or performing desired actions. One of the most common cyber
threats, this is a confidence trick with an intention of gathering
information, committing fraud, or obtaining system access. Spear phishing,
or sending emails from a trusted sender in order to obtain confidential
information (bank account information, credit card numbers, passwords,
etc.), is the most common type of social engineering, accounting for more
than 91% of attacks.

Frequency of Cyber Attacks
Cyber-attacks may be more common and happen more frequently than you think.
There are over 4,000 ransomware attacks every single day and an increasing
number of businesses being targeted. The United States has been the
recipient of most cyber-attacks and in just one year, actions by cyber
criminals led to over $100 million worth of damage to the U.S Department of
Défense. Some U.S. departments get more than one hundred cyber-attacks
every hour.
Unfortunately, many cyber-attacks leave both organizations and individuals
suffering financially. It is taking an increasingly long time to resolve
cyber-attacks, taking almost six months to detect malicious attacks. U.S.
organizations have been forced to pay over $12 million in annual damages,
and almost 70% of those funds were not able to be recovered.

Cyber Criminals
There are currently 27 individuals on the FBI’s Most Wanted List. They are
from all over the world, many are considered international flight risks,
and all have been indicted for multiple, and serious, crimes. Consumer
losses of up to $100 million have been attributed to a few of the criminals.

Social Media Risk
Hackers love the ease of attacking people by using social media. There are
almost 2 billion social network users worldwide, with an expected 2.95
billion users by 2020. With almost two-thirds of internet users access
social media services, this opens up many opportunities for cyber
attackers. From phishing to like-jacking to social spam in the form of fake
friends or reviews, one in ten social media users report that they have
been the recipient of a cyber-attack — contributing to an estimated 600,000
Facebook accounts that are compromised every day.

Government Cyber Attackers
It is hard to believe, but governments around the world actually make
internet users more vulnerable to attacks. Many governments are constantly
creating malware to use in espionage or as digital weapons. For instance,
the United States government has recently been discovered to be
controversially using ‘zero days,’ a potent software bug. When governments
discover and develop malware, it unfortunately accelerates the process for
Cybercrime damages are expected to reach an astonishing $6 trillion by
2021. With malware and related methods constantly evolving, it puts
governments, businesses, and individuals at risk for cyber-attacks.
Constantly in the news, cyber criminals have already done a lot of damage,
hurting individuals financially and socially, and have largely become
unstoppable. Be prepared to see more interesting cyber security facts in
the coming years.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170530/23a25c3d/attachment.html>

More information about the BreachExchange mailing list