RIO DE JANEIRO, BRAZIL – Cybercriminals are becoming more efficient in monetizing their activities. A report released by the Internet Society on Tuesday, July 9th, estimates that more than two million incidents in 2018 resulted in losses of more than US$45 billion, the equivalent of about R$170 billion.
Although this is a record figure, the total number of violations and leaks fell last year. In other words, cybercriminals are improving the profitability of their attacks. Cryptocurrency hijacking, ransomware, and credential stuffing were some of the criminal methods in evidence in the report.
Among the main trends identified by the Internet Society study, is the growth of crimes related to cryptocurrencies, which are difficult to trace and provide a direct path to income from infiltration. Cryptojacking cases, a practice in which criminals hijack devices to undermine cryptocurrencies without the owner’s permission, have tripled.
Another practice on the rise is fraud through corporate email, which has diverted US$1.3 billion (more than R$4.8 billion) in 2018. People posing as salespeople or executives deceive employees and eventually send money or gift certificates, which results in losses for institutions. Last year registered double the number of these cases compared to 2017.
The financial impact of ransomware increased by sixty percent in 2018, despite the overall reduction in attacks by this technique. The primary targets were the state and local government computers in the United States since public agencies are often vulnerable because they use obsolete machines and operating systems.
The report also shows the spread and evolution of supply chain attacks. Invaders infiltrate e-commerce and other business sites through third-party content and credentials or vendor software. Hijacking user log-in data is used in credential stuffing cases when criminals use stolen information to attempt to login to other services — after all, it is common for users to repeat passwords, no matter how bad they may be.
According to the Online Trust Alliance (OTA), the Internet Society’s web security initiative, actual numbers may be even higher, as many online crimes are not reported at all. Besides, the institution reinforces that most violations could have been easily prevented. It is estimated that 95 percent of the 2018 cases could have been averted with simple digital security measures.