The last few years have seen unprecedented growth and an increase in the number of hacks reported by organizations in every sector.
This has been driven largely by the pandemic, and the subsequent shift from office culture to working from home, making nearly all processes as virtual as possible. This shift has increased the chances of a hack by 20%, brought about by a host of vulnerabilities that were advantageous to hackers who readily exploited them.
This hacker report will elucidate the reasons for hacking, common targets, events after hacks, top vulnerabilities that facilitate such events, best practices, and lastly, the future trends in hacking. Let’s dive in!
Latvian Cyber Attack
Timeline: January 2023
According to Latvian authorities, a group of hackers with connections to Russia attempted to carry out a cyber espionage operation via phishing tactics against the country’s Ministry of Defense. However, the Latvian Ministry of Defense declared that the operation was unsuccessful.
Reasons For Hacking
Let us take an in-depth look at some of the factors that motivate hackers to carry out attacks on their targets to gain sensitive information.
1. Malicious Intent
Around 76% of hackers are in it to make money through bounties by profiting off of stolen sensitive information like healthcare patient records, social security numbers, ID proofs, prescriptions, and more.
Financial gains are aplenty when they gain access to one’s bank accounts, and passwords, or through holding private information of yours for ransom.
They can take out bank loans, transfer funds from your bank account, and more putting you and your financial security at total risk.
With the ever-increasing reliance on electronic gadgets for banking like mobile phones and internet banking, such incidents are becoming more common.
85% of hackers carry them out not for malicious purposes, but rather to learn the process and also expand their skill sets. Such activities can not only help them advance their skill sets, but from an ethical POV, they can help in the discovery of vulnerabilities.
3. Ethical Services
In this scenario, the hackers don’t care for the money or about bringing about any ill effect, rather it’s all about discovering any vulnerabilities that could result in major hacks, breaches, or data leaks.
There was nearly a 63% increase in the number of vulnerabilities found by hackers in 2021.
Such hackers provide their services to organizations to protect and defend their data, applications, and services.
Commonly Targeted Industries According To Hacker Report
Some of the industries that are commonly targeted by hackers are healthcare, government organizations, finance, education, and research among others.
The Healthcare sector saw a 60% increase in attacks from 2021 with an average of 1426 attacks per week. Healthcare organizations like hospitals, pharma companies, and research centers are increasingly becoming favored targets for hackers due to their having a gold mine of valuable personal information. 30% of most data breaches occur in large hospitals with a record of exposing patients’ private health information.
- 80% of the reported healthcare breaches by U.S. HSS were accounted for by hacking while the remaining 15% was accounted for by unauthorized access.
- Texas Tech University Health Sciences Center was hit by a data breach due to a hacking incident that was reported on June 7, 2022. The breach affected over 1,29 million people.
- 2020 saw nearly 240 million hacking attempts with Cerebro accounting for 58% of threats, Sodinokibi at 16%, and VBCrypt at 14%.
- 90% of healthcare institutions have experienced at least one security breach in the previous few years.
Government data often ends up getting stolen for financial gain and or espionage. Sensitive government information can be worth quite a lot since this can be military based, based on highly confidential research, or emails containing sensitive crucial information.
Security incidents in the government sector experienced exponential growth in 2020. But authorities are actively trying to improve their cybersecurity and taking actions to prevent cyberattacks, especially government-sponsored ones.
The average cost of a data breach and hacking for critical infrastructure organizations was put at $4.82 million dollars. Insider threats account for approximately 30% of all cybersecurity incidents in government departments and organizations.
- Industry experts estimate that the U.S. government faced costs of over 13.7 billion U.S. dollars as a result of cyberattacks in 2018.
- The U.S.A. faced around 83 government and military data breaches at 5.63%.
- 68.2 percent of government organizations surveyed by CyberEdge were compromised by one or more cyber attacks throughout 2021.
The financial sector experienced 137 breaches in 2018 that exposed 1.7 million accounts. Such attacks have only continued to increase in the financial sector over the years.
Around 44% of data breaches in the financial sector or insurance sector can be due to insider threats.
- According to IBM and the Ponemon Institute, the average cost of a data breach in the financial sector in 2021 is $5.72 million.
- Over 90% of all successful cyberattacks start with phishing attacks in the financial industry.
- Attacks targeting financial applications increased by 38% from 2020 to 2021.
Educational institutions like universities, colleges, and even schools are increasingly facing cyber threats when compared to previous years.
This was accelerated by the onset of the pandemic which introduced a shift in the medium of classes from offline to online.
Breaches in the educational system can lead to the divulging of license or passport information, accounting information, social security numbers, and more.
Events After A Hack In Detail
This section will shed light on what happens after a hack occurs on two fronts, i.e. what hackers do with the stolen information as well as what you should do once a hacking attempt has been identified on your systems.
What Do Hackers Do With Stolen Information?
It’s estimated that cybercrime earns cyber criminals approximately $1.5 trillion every year. This is additional to the damage that is caused by them to their targets which cost around $ 6 trillion in 2022 alone.
Hackers can do a variety of things with stolen information, and none of them are good. At 18% hacking was the second top cause of loss in SMEs for incident cost. A prime example of this is when Yahoo experienced a data breach affecting nearly 1,000,000,000 individuals due to a malicious outsider who gained access through identity theft.
The information stolen is used to:
- Fraudulent, exorbitant purchases under a stolen identity.
- Access to victim’s financial accounts.
- Gain access to medical care with stolen health insurance.
- Selling information for money on the dark web.
- Participating in malicious illegal activities under the stolen credentials.
Now that we have seen some of the possible fallout events of a hack, let us see what needs to be done right after such an attack has been identified.
What Should You Do When You’ve Been Hacked?
The average cost of a data breach increased by 2.6% to $4.35 million in 2022 from $ 4. 24 million dollars in 2021. This brings us to the question, what can you do to minimize the damage from such an event? Or where to start to regain access to your accounts? Well here’s a brief list of things you can do when you’ve fallen victim to such an attack.
- Ask Why- Was any specific system of yours containing highly sensitive information targeted? What components of your personal or professional life were affected, bank accounts, project plans, email access, or more?
- Password Reset: The very initial and easiest step to gaining control of your assets is by changing the password to all your accounts, from email to bank accounts. Ensure to not rinse and repeat the passwords everywhere since this makes your systems more compromisable.
- Scans and Audits: Conduct malware and antivirus scans to ensure that any malware or viruses injected into your systems can be detected before the recovery can take place. Conduct security audits to ensure that no other systems have been affected indirectly by an attack on one system. It can be a hit or a miss, but it’s safer to be sure than it is to be sorry.
- Take Back Control: Take back full control of your accounts after going through the verification processes set up by various platforms. For example, account recovery for an email and changing the security setting for your bank account will look entirely different.
Now that we have seen some of the steps to be taken after the identification of a hack, let us see the top vulnerabilities that facilitate such events.
Top Vulnerabilities That Facilitate Hacks
Some of the top vulnerabilities that compromise a computer, network, cloud, and mobile systems and leave them more susceptible to hacks are:
- Poor Identity and Access Management
Poor IAM ( identity and access management) can lead to the wrong individuals being granted access to sensitive information. This is where proper authorization and authentication play a crucial role since they can help prevent unauthorized access.
This is especially concerning when access is still available to previous and inactive employees. Lack of role-based access is yet another reason for such a risk to arise.
- Injection Flaws
This includes injecting malicious codes into the SQL servers (SQL injections) or into the browser via (Cross Site Scripting) which can result in the loss or manipulation of sensitive data.
This includes using software or systems that haven’t been regularly or properly updated, running unnecessary software, or buggy applications. This can be prevented with continuous monitoring and testing of applications.
These are some of the vulnerabilities that can result in your applications, and or systems being compromised with ease. Take steps to ensure that these vulnerabilities are identified and remediated on time.
Best Security Measures Against Hacks
Here’s a list of the best security measures that can help protect your assets from falling prey to a cyber attack.
- Use Strong Passwords
Do not use old passwords or passwords that are easy to guess like the date of birth and or names of family members. Set different passwords for each and every account rather than rinsing and repeating the same old ones.
- Destroy Old Documents
Shred or destroy any and all documents containing sensitive information that isn’t in current use. Wipe old computers and mobile devices, USBs, etc before scraping them or selling them.
- Enable Multifactor Authentication
Enabling two or multi-Factor Authentication can drastically help reduce and avoid falling prey to cyber-attacks. This is because the data obtained through phishing or hacking if successful becomes redundant due to the further authentication steps in place.
- Cybersecurity Software
Opting for a well-established and experienced cyber security software can help in the detection and blocking of such phishing or hacking attempts thereby keeping the company and its data secure.
- Employee Training
Giving company employees regular training on secure data handling practices, tips to look out for in recognizing phishing emails, having a top-notch security system in place for their devices, and other similar measures can drastically reduce the chances of being a victim of a hack.
- Be Cautious About E-mails
Always be cautious about e-mails received. Check for spelling mistakes, immediate requirement subject lines, company details, whether an email has previously been received from the same address, is it trustworthy, these are some of the questions and points that one should take note of when checking emails that look suspicious.
This article has given you a detailed hacker report with relevant data to back it up. Along with this, it has broken down the statistics of hacks based on the industries affected, the intent of the attack, events followed after a hack, and more.
Deploy the steps mentioned in this article to stay ahead of any attempts at cyber attacks with ease and without worry.