No year before has made more headlines in digital crime than 2018. This is the conclusion of the latest edition of the Hornetsecurity Cyberthreat Report. Not only the quantity of crimes has increased rapidly, but also their quality. According to a spokesman for the State Criminal Investigation Office (LKA) Lower Saxony in response to a request from the German newspaper “Hannoversche Allgemeine Zeitung”, the number of criminal activities via the Internet alone has increased by 30% in recent years.
Cyberattacks such as Advanced Persistent Threats, Malware and Spam as well as the transfer of “typical” criminal activities to the online world are responsible for the rapid increase. These criminal activities include trading of weapons, drugs, illegal pornography and counterfeit papers. “The criminals use the possibilities of digitalization extensively, not only in communication”, says LKA spokesman Marius Schmidt. In particular, the Darknet is becoming increasingly significant.
The number of unreported cases is massive
According to the Cyberthreat Report cybercrime is the world’s third largest threat after environmental disasters and political tensions. In 2017, the Federal Criminal Police Office (BKA) was able to identify almost 86,000 cases of cybercrime in Germany – an increase of four percent compared to the previous year.
The cost of the damage caused by cybercrime increased just as rapidly. Whereas cybercrime in Germany caused economic damage of 50.9 million euros in 2016, 71.4 million euros were lost in 2017. The worst thing about these numbers: These are only financial damages caused by cases registered by the BKA. Experts estimate that this number represents only 9% of the total loss. That means there are more than 90% of unreported cases .
But why is the number so high? Experts assume that cyberattacks are often noticed far too late, or not at all. However, in many cases they are not even reported to the relevant authorities by the companies concerned. This is due to the concern about loss of reputation and image. The latest massive cyberattack on the Marriott hotel chain is a classic example of such an incident. For years, hackers stayed unnoticed in the network of the world’s third-largest hotel group and, among other things, captured credit card data from half a billion customers. The German industry association Bitkom comes to completely different results due to such cybercriminal incidents. It recorded an enormous amount of damage of 55 billion euros.
Advanced Persistent Threats still very popular
As in 2017, the popularity of Advanced Persistent Threats among cyber criminals continues uninterrupted. With the attack on the French construction company Ingérop, the hackers once again proved the significant threat potential of such sophisticated cyberattacks. They succeeded in transferring malware into the IT infrastructure by means of a professionally designed phishing campaign on employees of the Group. This served as a door opener for a large-scale data theft. The hackers captured a total of 65 gigabytes of sensitive data, including construction plans for nuclear facilities and high-security prisons. Furthermore, sensitive personal data of a total of 1,200 Ingérop employees were stolen.
Also, the German armament company Krauss Maffei recently experienced an attack of this kind. Hackers penetrated the company’s IT systems and infected it with malware. The production process had to be shut down for a week afterwards. This was followed by an extortion attempt with a ransom demand.
Stay in touch
Sign up to get the latest News about Cloud Security.
Malware remains standard
Compared to Advanced Persistent Threats, malware is far less complex, but still very effective. In general, it is used to perform unwanted or harmful functions to users. The cyber criminals use malware to increase their income, for example. The great variety of malware makes it a very popular tool for hackers.
This popularity is also reflected in its distribution: between 2006 and 2017, the number of malware incidents increased constantly. Email communication is the main gateway to malicious file attachments. Office files are particularly popular as disguise. Every third malware sent disguised itself as a Word, Excel or PowerPoint file, as can also be read in the Cyberthreat Report.
Spam emails – threat potential increases
Spam is no longer as popular among cybercriminals as it was ten years ago. The Hornetsecurity Cyberthreat Report concludes that in 2018 not even every second email was a spam email. The situation was different back in 2009: At this time, it was almost 100 percent of all emails. Anyone who thinks that this trend is positive is unfortunately mistaken. Whilst ten years ago almost no spam email contained malware, today this is quite different. More and more emails are packed with malware such as viruses, Trojans, Ransomware or spyware.
To summarise: The battle is far from lost.
Even though the damage caused by cybercrime is steadily increasing and it is becoming increasingly difficult to cope with the complex threat situation, the final “battle” has not yet been fought. More and more companies are aware of the current threat situation and are implementing intelligent IT security concepts as well as effective Managed Security Services to prevent sophisticated cyberattacks.
While expenses for Managed Security Services added up to 4.27 billion US dollars in 2016, this amount will be doubled to 8.26 billion US dollars in 2021. Companies have realized that they need to prevent cyber threats from the very beginning. Once the threat has invaded the IT infrastructure, it’s already too late.
In our latest Cyberthreat Report you can find out in detail which trends and developments are currently particularly affecting the world of cybercrime and which dangers result from this.