According to reports, at least eighty five percent of all organizations have experienced phishing and social engineering attacks. This clearly indicates a sixteen percent rise in phishing and social engineering, solely in the year 2019. Other popular forms of cyberattacks include ransomware and supply chain attacks. Although cybercrime is at its all-time high, there have been several cybercrime attempts that organizations have foiled with the help of cybersecurity firms. These firms make use of ethical hackers and security experts to offer both preventive as well as damage control support. While preventive measures include penetration tests that nail down existing vulnerabilities, damage control includes retrieval of encrypted data.
The year 2019 has been an eventful journey with cybercriminals devising more and more creative cyber attack strategies. The victims of these attacks include government agencies, healthcare, educational institutions, small to mid-sized businesses and professionals. As most larger businesses have adopted sound cybersecurity measures, the cybercriminals were probably left with no choice but to target the government agencies and mid-sized businesses. With so much going on in the cybercrime arena, you may have definitely missed out on some of the action. To help you make up for that, we have compiled a comprehensive cybercrime report for the year 2019.Ransomware Attacks on Government Agencies
With the series of indictments against those involved in ransomware attacks, one may have assumed that these attacks may have declined. However, that is far from the truth as this form of cyberattack continues to be the most prevalent, and has increased by at least sixty percent. The public-sector agencies, schools, colleges, religious organizations, and mid-sized professional organizations such as law and accounting firms have been the key victims in 2019.The main malware used to launch cyberattacks in 2019 include GandCrab, Ryuk, Dharma variants, Rapid, and Phobos. Close to two-thirds of all cyberattacks have reportedly been launched against US government agencies. While some have resisted paying a ransom, most of them went for it probably because it was more economic. That’s something they probably learned from the City of Atlanta, which ended up spending $2.6 million to restore their systems. Now that’s quite high against the $52,000 that they could have paid in Bitcoin, as ransom.
Other municipalities that have been a victim of ransomware attacks include theCity of Louisiana which was hit by Ryuk malware, Pensacola, and several others. As the year is about to end,New Orleans seems to be struggling to find its way out of a cyberattack. On the other hand, the UK Government seems to be doing pretty well in the cybersecurity arena by issuing prompt alerts.Evilcorp — Russian Cyber Attackers involved in Phishing Unveiled
The year 2019 chronicles a record-high in financial cyber crimes such as phishing, and we simply could not avoid mentioning it in our cybercrime report 2019. From search results hijacking to using fake login pages, there’s no tactic that these criminals have spared. The worst of all phishing attacks has been the Russian cyberattack through a company called Evilcorp, operated by two Russians. One out of these two was a former employee of the Russian Intelligence, which indicates the possibility of a cyber global war.However, indictments have been issued against the two Russian cybercriminals who were allegedly involved in this crime. The indictment was preceded by a rigorous 2-year investigation that was carried out by the concerned authorities in the US and the UK. This Russian cyberattack caused losses of over a hundred million US dollars in 2019, by deploying Dridex, a Bugat malware. This money was then moved around by money launderers and eventually transferred to Evilcorp, which was operated and managed by the two Russians.
The US authorities have declared a whopping $5 million reward (the highest ever for a cybercriminal) for anyone who can provide useful information about the two Russians. Although that may seem a little too high, it isn’t much considering the fact that one out of the two cybercriminals caused additional losses of seventy million US dollars in a previous phishing attack. This previous cyberattack deployed a malware called ‘Zeus’.Supply Chain Attacks in 2019
According to sources, supply chain attacks increased by 78 percent in 2017 and 2018 and this year was no different. The most noteworthy supply chain incident in 2019 includestortoiseshell. Besides that, there have been close to 4700 attempts made in this direction and if you run a business then its time to adopt preventive measures. The only way to prevent supply chain attacks is by ensuring that all your associates, business partners, traders, contractors and everyone else meets certain security measures.Cyber attacks in 2020 — The road ahead
After intensive research, our cybercrime report 2019 concludes that there is going to be a possible increase in phishing and ransomware attacks in 2020. So, we would like to emphasize the need to be more careful about the attachments that you download on your computers, phones and other devices. In the year 2020, we expect ransomware attacks to continue victimizing the government sector, healthcare, and mid-sized businesses. While supply chain attacks would continue to target software companies involved in providing services to the larger ones. The only way to counter these cyberattacks is by maintaining regular backups and implementing strong security measures.As most cyberattacks are directed towards organizations, we understand how difficult it is to monitor a large number of employees and the attachments that they download. After all, it takes just one malicious attachment to breach the security of an entire organization.
So, we recommend that you consider investing in cybersecurity insurance that offers wide coverage. Also, organizations must hire the services of cybersecurity firms to identify vulnerabilities and to fix them. There are several European cybersecurity firms that you can hire to run regular penetration tests and plan necessary security measures. As a responsible financial intermediary, Small World prides itself for complying with the security protocols laid down by PSD2 and other advanced security measures.