Six trillion dollars. Yes, you heard that right. That’s how much cybercrime is expected to cost the world annually by 2021 – a “hackerpocalypse” could be right around the corner. In this week’s Hacker Tracker we take a look at the damages hackers are racking up and how they continue to keep hitting where it hurts.
The idea of a “hackerpocalypse” may sound like a bad joke – or a corny horror movie – but the latest data shows it’s a scary reality that we all soon may face.
Hackers are on a roll, and the upward trend of data breaches and cyberattacks is costing the world big time.
According to the 2016 Cybercrime Report released by Cybersecurity Ventures and global information security advisory firm Herjavec Group, cybercrime damages are predicted to rise to more than $6 trillion annually by 2021.
These estimated costs include damage and destruction of data, stolen funds, decreased productivity, theft of intellectual property, fraud, stolen personal and financial data and embezzlement. The $6 trillion number also takes into account all of the costs that come after a cyberattack takes place, such as disruption to normal business activities, paying for an investigation into the crime, restoring or deleting compromised data and systems and reputational harm.
As Cybersecurity Ventures explained, the term hackerpocalypse can either stand as a metaphor for the world’s computing system and digital data being hit by mass destruction, or it can serve to highlight the state of the cybercrime landscape and resulting damage it causes.
“Cyberwarfare has crossed from the digital world into our physical realm, and there is a very real potential cybercrime will lead to the loss of human life,” Robert Herjavec, founder and CEO of Herjavec Group, stated. “A breach of our power grids, of our dams, or of air traffic control mechanisms could have catastrophic effects that are felt far beyond the financial and reputational impacts of a corporate attack.”
Cyberthieves Take The Mobile Route
Hackers are approaching bank heists in a new way – by targeting mobile devices.
Through malicious software programs such as Acecard and GM Bot, cybercriminals are attacking the financial services industry by stealing banking credentials when consumers access their financial accounts via mobile banking apps.
The Wall Street Journal reported that both law enforcement officials and cybersecurity experts have seen a rise in the popularity of such malware programs among cybercriminals.
Though no quantifiable data has been released that points to exactly how much money has been stolen through mobile-phone malware, the prevalence of the malware has raised red flags with U.S. banking regulators and the FBI.
“As a bank, you can have all the protections you want, but unless there is protection on the device, you can’t protect against this kind of attack,” Ross Hogan, global head of the fraud prevention division at Kaspersky Lab, told the WSJ.
The rising popularity of mobile banking apps, coupled with the fact that many consumers take a more relaxed approach to addressing cybersecurity on their mobile devices, means mobile-phone malware is both difficult to track and quickly gaining ground.
Ransomware Hits Hard In The Classroom
Both universities and National Health Service (NHS) trusts in England have become prime targets for hackers looking to carry out ransomware attacks.
Cybersecurity firms discovered that one school in particular, Bournemouth University, was hit 21 times over the last 12 months. Freedom of Information requests also revealed that 28 NHS trusts were affected by cyberattacks.
According to cybersecurity company SentinelOne, 23 out of the 71 U.K. universities it contacted said that they had been victims of ransomware, with ransom sums as large as five bitcoins (about $2,900) being demanded by the hackers.
For any business, having sensitive data or computer systems held hostage can be a dangerous situation.
“Paying the ransom – which isn’t something we would advise – can cost significant sums of money, yet losing patient data would be a nightmare scenario for an NHS Trust,” Ollie Whitehouse, technical director at security firm NCC Group, told BBC News.
Hackers Just Can’t Leave The Feds Alone
It’s clear the U.S. government remains a top target for hackers.
Just this week, Krebs on Security reported that cybercriminals launched a massive attack on .gov email addresses by sending out what’s known as “email bombs.”
The malicious messages bombard an email inbox with subscription requests to thousands of email lists, essentially rendering the inbox useless for a period of time. Security experts confirmed that the email bombs, which have been launched over the last several weeks and picked up in intensity over the weekend, hit more than 100 government email addresses.
“The issue is the badly run ‘open’ lists, which happily subscribed every address without any consent verification and which now continue as participants in the list-bombing of government addresses,” Steve Linford, CEO of security firm Spamhaus, told Krebs on Security about the uptick in attacks during the past weekend.