Why Hacking is “On-the-Rise” – Opportunities abound for cybercriminals

More and more, we learn about retailers, financial institutions, health care providers and even government institutions tasked with keeping our information secure having serious data breaches.  From large, medium and small commercial businesses and banks to educational institutions, state departments of motor vehicles, and even local, state and federal levels of government, the computer hacking associated with data breaches and financial losses continues to ramp up.

In fact, according to the Identity Theft Research Center (ITRC): “The number of U.S. data breaches tracked in 2014 hit a record high of 783 in 2014…a substantial hike of 27.5% over the number of breaches reported in 2013 and a significant increase of 18.3% over the previous high of 662 breaches tracked in 2010. The number of U.S. data breach incidents tracked since 2005 also hit a milestone of 5,029 reported data breach incidents, involving more than 675 million estimated records.” [1]

As for the breakdown of breach incidents, the ITRC noted that: “Continuing a three-year trend, breaches in the Medical/Healthcare industry topped the ITRC 2014 Breach List with 42.5%of the breaches identified in 2014. The Business sector continued in its second place ranking with 33% of the data breach incidents, followed by the Government/Military sector at 11.7%. These categories were followed by the Education sector at 7.3% and Banking/Credit/Financial at 5.5%. [2]

According to the Privacy Rights Clearinghouse, more than 867 million records have been stolen from businesses, government agencies, nonprofits, medical providers and educational institutions since 2005 — with 30% of those leaked in the last year and a half! [3]

A Growing Crime of Opportunity

Quite simply, cyber thieves have a lot to gain from their investment of time and effort – and a variety of factors are converging to create an optimal environment for the cybercriminal, including:

  • Multiple Points of Entry: Technologies like mobile devices, social media, cloud computing and trends like “Bring Your Own Device” (BYOD) have created multiple points of entry for cybercriminals. Smartphones have become “pointof-sale” systems and crooks are ready to provide mobile malware to take advantage of retail shoppers and those banking online. Worse still, new malware designed to compromise the POS systems is expected to make detection even more difficult.
  • Unsuspecting Customers: Downloading mobile apps is dangerous for those who do not read or understand what “app permissions” they are allowing to unknown “sellers.”  People  wouldn’t knowingly open the door to a robber at home, but they willingly do it online.
  • Ease of Breach: Cybercriminals need not always do something sophisticated to gain entry into a computer system. They may simply make a phone call to a company or organization employee, identify themselves as a part of the organization’s IT team, request a password and gain entry into the system.  Despite the simplicity of this approach, research has shown passwords to be easily obtained.
  • Misunderstood Threat / No Defense: Small businesses often think that they are safe from cyber threats and have no policy in place to prevent attacks – despite the fact that many of them are dependent on the Internet for their daily operations.
  • Easy Access to Information on Social Media: With many people putting personal information online without adequately restricted access, social media has become a gold mine for gathering victims’ identity profiles.  Vacation photos from the beach when posted to social media may also notify burglars that a potential victim’s home is vulnerable.
  • The Internet of Things (IoT): Easy-to-locate IoT devices now deployed worldwide quite often lack the security necessary to prevent attacks and intrusions. They could even become bad actors themselves.  From the smart meter or nanny cam alerting burglars that no one is home to a household device that yields personal data, our devices may be used to compromise our security.
  • The Black Market: Criminals without the skills to hack into personal data can always buy it cheap and plentiful online in the black market – an efficient, sophisticated shadow economy that today includes a powerhouse of highly organized groups often connected with traditional crime.

Increasing Cyber Attacks in the Forecast

With a worldwide culture addicted to the use of smartphones and mobile devices, cybercrime is forecast to increase relentlessly despite the belated efforts of major intelligence and law enforcement agencies to catch up with the hackers.

Ubiquitous smartphones and tablets provide a gateway into almost everyone’s personal data.  Healthcare is expected to remain one of the sectors most targeted by cyber criminals because of the wealth of personal data being stored – more valuable than stolen credit card data – and the fact that criminal organizations specialize in attacking infrastructures that manage Electronic Health Records (EHRs).  Cyber attacks by state-sponsored hackers will increase due to the relatively modest commitment of resources required to cause extensive damage to an adversary.  And, IoT devices can be expected to be targeted with specifically-designed malware capable of causing significant data breaches and the sabotage of equipment.

Given cyber criminals’ seemingly endless capacity for innovation, perhaps one day the household fridge may act as a bot to launch a “denial-of-service” attack!

Stay tuned for an interesting future in cyber crime and cyber security.

 

CITATIONS 
[1] Identity Theft Resource Center Breach Report Hits Record High in 2014
Surpasses More than 5,000 Reported Breaches and 675 Million Records Exposed Since 2005,
January 12, 2015
http://www.idtheftcenter.org/ITRC-Surveys-Studies/2014databreaches.html

[2] Identity Theft Resource Center Breach Report Hits Record High in 2014
Surpasses More than 5,000 Reported Breaches and 675 Million Records Exposed Since 2005,
January 12, 2015
http://www.idtheftcenter.org/ITRC-Surveys-Studies/2014databreaches.html

[3] Marketwatch, 10 things scam artists won’t tell you, Priya Anand, Oct 3, 2014 http://www.marketwatch.com/story/10-things-con-artists-wont-tell-you-2014-04-25

INFOSEC Intitute: 2015 Security Predictions: The Rise of Hacking Campaigns – Posted in General Security on December 23, 2014

2015 Security Predictions: The Rise of Hacking Campaigns