HackerNet

Threat stats What they tell us about the state of cybersecurity

Threat stats: What they tell us about the state of cybersecurity

Cyberattacks are becoming increasingly sophisticated and common, and businesses and individuals of all sizes are at risk. By understanding the latest threat statistics, we can better protect ourselves from these attacks.

Here are some of the key threat statistics from 2023:

  • The average cost of a data breach is now $4.35 million, up from $3.92 million in 2022.
  • Ransomware attacks are on the rise, with the average ransom payment increasing from $116,000 in 2021 to $210,000 in 2022.
  • Phishing emails are still the most common attack vector, with over 90% of successful attacks starting with a phishing email.
  • The number of vulnerabilities reported each year continues to increase, with over 20,000 vulnerabilities reported in 2022.
  • The attack surface is expanding rapidly, with the growth of the Internet of Things (IoT) and cloud computing.

These statistics show that the threat landscape is constantly evolving and that businesses and individuals need to be vigilant in their cybersecurity efforts.

Breaking Down Modern Cybercrime

For an example of an organization that faces constant threats, let’s examine Cisco’s Umbrella Cloud Architecture defence, which is a global cloud defence system that deals with billions of online transactions daily. An analysis of their usage in November of 2021 provides a snapshot of the type of crime that is currently being engaged. Below you’ll find a chart that breaks down the types of attacks across one month.

A pie chart detailing the types of attacks by percentage across one month.

You’ll notice that a prominent attack type highlighted in this chart is adware, which is a type of software that frequently shows ads to a user and is typically installed through deceit or without consent. The other category consists of various, less common attacks, such as a browser hijacker. This is software that alters a user’s web browser without permission, usually to direct the user toward a particular website. However, this reading will focus on the three most common types of attacks that are capable of doing extensive harm to a user’s computer or a system; these are Trojan, ransomware, and botnet attacks.

Trojan Attacks

The most frequent attack indicated in the chart is a Trojan attack. The name is a historical reference to the battle of Troy when the Greeks were said to sidestep the defences of the Trojans by tricking them into wheeling a wooden horse full of enemy soldiers into their city. This is an umbrella term that covers several attack types, including the following:

  • Exploit Trojans 
  • Downloader Trojans 
  • Ransom Trojans 
  • Backdoor Trojans 

While Trojans will behave differently depending on the type, the common trait of this approach is that a user inadvertently introduces malicious code into the organization and triggers it behind the defensive walls. The best defence against trojan attacks is to practice vigilant internet usage. Some guidelines are to never click on an unsolicited email with unexpected attachments, and always examine domain names and links before clicking on them. Be particularly vigilant with misspellings, such as zeroes that have been replaced with O’s, a trick used to lure an unwary user into bringing the horse behind the gate. Below you’ll find an example of a potentially malicious email, along with a list of general warning signs to be aware of.

Warning signs of a potentially malicious email.

Ransomware Attacks

The second most common type of attack from the previous data is ransomware. Recall that ransomware is an approach to cybercrime that is designed to disrupt services. This approach is featured frequently in the news due to the scope of impact. It is not uncommon for these attacks to occur on a national scale, with infrastructure and vital services being the target. Recent examples include:

  • Ireland’s Health Service’s Executive (HSE) in 2021.
  • Critical Ukraine infrastructure in 2022. 
  • Costa Rica, which declared a state of emergency when 30 institutions of government were held to ransom. 

The methodology behind these types of attacks is to gain access to a system and lock out the legitimate owner until a demand has been met. One approach to best mitigate against this type of attack is to ensure that no external actors gain access to your system. Best practices for achieving this include the following:

  • Use strong passwords. A strong password is difficult to guess and typically would include a mix of characters, numbers, and symbols. 
  • Keep your system up-to-date with the latest security patches.
  • Ensure that only people with authorization for a system can use its system. 

Botnet Attacks

Next is Botnet attacks, which represent 13% of the documented attacks in the chart above. A bot can be defined as an online software program that performs automated and repetitive tasks. They are a means of creating a Denial of Service to an organization. If a Trojan attack is a subtle attempt to circumnavigate an application’s defences, a bot attack could be described as a full scaling of the walls, as depicted below.

A diagram depicting a bot attack.

These attacks are orchestrated so that a system is plagued with innumerable requests for information and services. These requests can come from any capable devices on the Internet of Things (IoT) that have an IP address. The IoT relates to devices online and will be covered in more detail later. 

This type of attack can be coupled with the trojan attack when some of the code maliciously embedded in a system is used to request another system. In this way, an attacker makes use of someone else’s digital resources to negate the resources of a targeted victim. One defensive approach to mitigate against these types of attacks is to monitor network traffic for suspicious activity. If a particular source is identified as making repeated calls that impact the operations of a system, then this address can be blocked. However, more sophisticated approaches must be employed when a variety of compromised systems are used. 

Conclusion

As you may have concluded, cybercrime is a broad field that encompasses a variety of means of extorting money from an organization. This ranges from stalling business activities to removing items of value, such as user information. 

In this reading, you became familiar with the most common cyberattack approaches that affect real organizations and how they can be implemented. You were also made aware of some actions that can be taken to mitigate the risk of such attacks occurring.

Note: This Article was collected from the Coursera Microsoft cyber security analyst Course.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Trending