Cybersecurity: A Trillion Dollar Challenge with No End in Sight

Technological advancements are at an all-time high, with AI gradually taking over every acre of your life. It’s a good thing, right? It’s making our lives easier, yes. But, at what cost? This article will probably leave you more worried than you’d want to be. We are talking about the specter of cyber attacks now looming larger than ever before, cornering us with every passing second.

Last year, cyber attacks reportedly cost the world a staggering $8 trillion. The US lost $9.48 million alone this year to cyber attacks, as reported by IBM. Well, these numbers are only going to skyrocket in the coming years, and things haven’t exactly been looking good. But, before taking a look at the bigger not-so-pretty picture, let’s first let you in on the basics of it all.

What is a Cyber Attack?

The world is no stranger to the term ‘hacker’. There are ethical hackers, yes. But, there are also those with malicious intent. And, when such a hacker tries to gain or successfully gains unauthorized access to a digital system, that is what you call a cyber attack, in the conventional sense. Today, you can broadly refer to such individuals or groups as “threat actors” in cyberspace.

Every single day, from accidentally tapping or clicking on malicious links to getting your Google and social media accounts hijacked, you leave yourself open to cyber attacks. Over the years, cyber attackers, cybercriminals, and threat actors have gone through multiple stages of evolution.

And now, they are equipped with a variety of different ways to detect such vulnerabilities and exploit them. Not to mention that they hide behind a virtual wall while carrying out such activities, making it rarely possible to track them down.

The worst part? You won’t even know you are the victim of a cyber attack until it’s too late. As American novelist Rebecca Brown once penned, “You can’t fight a battle you don’t see or know exists. You can’t defeat an enemy when you don’t even know he is attacking you.”

But, what drives such individuals or groups to launch a cyber attack?

Driving Motivation Behind a Cyber Attack

Cybercriminals are mostly driven by extrinsic motivation in the form of financial gain. In fact, a Databasix report reveals that over 80% of data breaches are motivated by financial gain. In addition, the report also reveals that cyber espionage accounts for 10%. But it doesn’t end there.

Hacktivist groups are also threat actors that are driven by intrinsic motivation fueled by socio-political factors. Meanwhile, there are threat actors that launch a cyber attack for something as crooked as a competitive advantage or as nefarious as terrorism. With that out of the way, it is now time to look at all the common types of cyber attacks that such cyber criminals organize.

Most Common Types of Cyber Attacks

Phishing Attack

In a phishing attack, threat actors or cybercriminals basically impersonate an organization or a company to bait individuals. Then, they send malicious links over emails to such individuals. These individuals, thinking of it as a legitimate email, click on such links and compromise their data. To illustrate an example, the YouTube account of Linus Tech Tips was taken over in a similar manner last year.

Phishing attacks are dangerous as they rely on human errors rather than technical vulnerabilities in a digital system. Further, recent research reveals that phishing accounts for 39.6% of all email attacks. A Check Point report also talked about the dangers of romantic phishing, which people have been falling prey to a lot recently. People on dating apps, beware.

Malware Attack

Malware takes the form of software and injects trojans, worms, or other viruses into your system. Then, these programs gradually take over and break your antivirus or security systems, leaving your digital device vulnerable to threat actors. In malware attacks, “Trojans” are most commonly used. Trojans are malicious software that disguise themselves as legitimate software.

So, even though you think you are downloading the right program, chances are that it is a Trojan. You unknowingly install this malicious program, and then it injects a loader and executes the malware on your system. That’s why we caution users against installing Android APKs from unofficial sources. Recent data suggest that Trojans make up an alarming 58% of all malware.

Ransomware Attack

While we are on the topic of malware, a ransomware attack should definitely not be left out, especially since it affected 72.7% of organizations in 2023. Now, what makes ransomware significantly more dangerous is that the malicious software encrypts the victim’s files, rendering them useless. On top of that, as the name suggests, these files remain encrypted or blocked till the ransom is paid off to the threat actors.

So, automatically, threat actors using ransomware take complete advantage and demand a hefty ransom. Recent research reveals that the average ransomware attack cost is roughly $4.54 million. Moreover, the recovery costs are approximately $1.85 million.

Further, with the emergence of cryptocurrency, such threat actors easily get away with the money without a single trace left behind. These attacks not only lead to financial loss, but also dent customer trust in the organization, and lead to reputational damage of the affected company.

Data Extortion

Data extortion attacks are similar to ransomware attacks. But, unlike ransomware attacks, where the victim is blocked from accessing the data, data extortionists actually steal the data. They do so by exploiting vulnerabilities and infiltrating the victim’s system.

Once in, they dig deep into the victim’s files and make a copy of their sensitive data. Then, they blackmail the victim into paying a ransom to get their data back. This strategy was used by cybercriminals in 27% of cyber attacks in 2023. Sadly, paying the ransom doesn’t guarantee that the victims will get their data back.

DDoS attacks

DDoS (Distributed Denial of Service) attacks target websites or servers and bring them down. Threat actors using DDoS attacks do so by overburdening the website or server with traffic from different sources. Traffic is redirected from different sources through the usage of botnets. Recently, ChatGPT also faced a DDoS attack which made the website unserviceable for several hours.

A Cloudflare report gives us an insight into some statistics. According to this report, there was an 85% increase in network-layer DDoS attacks in 2023, as compared to 2022. Certainly, DDoS has become one of the most common types of cyber attacks in recent years.

Man-in-the-Middle Attacks (MiTM)

As the name suggests, a threat actor basically takes on the role of a middleman in your communication channels. This allows them to eavesdrop on your online conversations and extract sensitive information from them. It could include your browser chats, emails, etc.

In addition, they can also alter the conversation by impersonating a genuine sender and sending texts to the recipient. Wi-Fi eavesdropping is one of the common types of MiTM attacks, comprising nearly 35% of total MiTM attacks in 2023. The report also talks about how such cyber attacks are more prevalent on public Wi-Fi systems.

So, these are a couple of common cyber attack types. However, that’s not all, and now, a new threat has emerged. Yes, you guessed it right. We are talking about cyber attackers using AI to their advantage.

Alarming Rise of AI-Based Cyber Attacks

Very recently, Microsoft and OpenAI joined hands to terminate five state-sponsored hacking groups that were using OpenAI’s LLMs (Large Language Models) like ChatGPT to their malicious advantage. OpenAI lists these threat actors in a dedicated blog post, while Microsoft further expands in its own security blog.

Now, although OpenAI’s findings reveal that its AI tech offers “only limited, incremental capabilities for malicious cybersecurity tasks”, let’s not forget the romance scams that ChatGPT was used for carrying out. Not to mention, it’s a whole different and alarming story when it comes to deepfakes.

Recently, an instance shook the internet, where threat actors used deepfake tech to scam a multi-million dollar company out of a whopping $26 million. Apparently, the fraudster posed as the Chief Financial Officer by creating a deepfake and made a video call to a Hong Kong-based finance employee who transferred the amount in no time. It doesn’t end there.

Threat actors today are deploying sophisticated attacks using AI and ML which were unheard of before. This falls in line with the news of a threat actor going by the codename GoldFactory using “highly sophisticated” trojans coupled with deepfake tech to harvest face IDs and get into banking apps.

Meanwhile, in India, where we are currently residing, AI-powered deepfake audio scams are at an all-time high. A survey revealed that AI voice cloning scams are the most common in India. The same survey also revealed that 70% of the global respondents were unsure about which is an AI-generated voice, and which is the legitimate one. That is very alarming, indeed. Recently, we made a reel addressing the same issue.

Besides that, deepfake technology has also been used to manipulate the general election in Slovakia. During the elections, a party spread false information using deepfake audios and videos of the Progressive Slovakia leader Michal Šimečka.

In addition, Google’s recent Cybersecurity Forecast 2024 report discussed generative AI making things more complex for defenders by further arming threat actors.

It just goes to show the malicious misuse of AI and the large-scale harm it can do. Such attacks are only mutating with each passing day and the AI cybersecurity threat-scape is all too real at this point. Thanks (or not) to AI, the kind of money cyber attacks will cost the world in 2024 and beyond is just insanely worrying to think about.

Estimated Financial Fallout Due to Cyber Attacks in 2024 and Beyond

As we mentioned right in the beginning, cyber attacks have cost the world an estimated amount of $8 trillion in 2023 alone. Now, new research on this subject revealed that this number is expected to hit $9.5 trillion in 2024. Furthermore, they added that with AI tech being used for cyber attacks, this cost is likely to hit the $10 trillion mark in 2025. According to ExpressVPN, the global cost of cyberattacks might double in just five years. Here, take a look at the numbers.

| Year | Global Cost of Cyberattacks (Estimated) | Year-on-year increase (in percentage) |
| --- | --- | --- |
| 2024 | $9.5 trillion | 19% |
| 2025 | $10.5 trillion | 10.5% |
| 2026 | $11.3 trillion | 7.6% |
| 2027 | $12.4 trillion | 9.7% |
| 2028 | $13.8 trillion | 11% |
| 2029 | $15.6 trillion | 13% |
| 2030 | $17.9 trillion | 15% |

So, these numbers are to just give you an idea, and only time will tell how big the financial fallout will actually be. Another Statista report predicts the cost of cybercrimes to reach $23.84 trillion by just 2027.

The bottom line is that cyber attackers are playing in trillions now and will not show any sign of slowing down anytime soon. That is probably why, as per a Next Move Strategy Consulting report, the cyber security market is predicted to exceed the $650 billion milestone by 2030. In this regard, here is the data on the average cost of a data breach in 2023 by countries.

[Figure: Cost of data breach by countries in 2023. Image courtesy: Statista]

As you can infer from this graph, the United States is at the top, being the country recording the most loss due to cybercrimes. In 2022, the cost of cyber attacks in the US was $9.44 million. Then, in 2023, this number rose to $9.48 million, which is a 0.4% increment.

Similarly, the Middle East has also been a victim of most cyber attacks, costing them $7.46 million in 2022. In 2023, this number stood at $8.07 million, an alarming 8.1% increment.

Italy has also seen the numbers go up, from $3.74 million in 2022 to $3.86 million in 2023 (3.2% increment). Latin America had it significantly worse, with the costs going from $2.80 million in 2022 to $3.69 million in 2023 (a whopping 31.7% increment).

ASEAN (Association of Southeast Asian Nations) also saw a 6.2% increment in cyber attack costs, from $2.87 million in 2022 to $3.05 million in 2023. For those unaware, Vietnam, Indonesia, Malaysia, Singapore, Philippines, Cambodia, and others are ASEAN countries.

Meanwhile, countries like Canada, Germany, Japan, the United Kingdom, France, South Africa, Australia, India, Scandinavia, and Brazil saw a decrease in cyber attack costs. However, the decrement was minor and the costs still run in the millions.

Most Common Targets of Cyber Attacks

Certain industries are more commonly targeted due to the critical and sensitive data they handle. The most targeted industries for cyber attacks often include firms operating in “critical” sectors like energy, health, and finance. These sectors are targeted by both for-profit hacking groups and state-backed adversaries aiming to do damage to international rivals.

Other industries that are commonly targeted include education, government, military, communications, managed service providers, and healthcare. Moreover, thanks to a report by IBM, we also know of the industries that have faced the most cyber attack costs. Take a look at the table below:

| Industries | Cyber Attack Costs in 2022 (Millions) | Cyber Attack Costs in 2023 (Millions) |
| --- | --- | --- |
| Healthcare | $10.10 | $10.93 |
| Finance | $5.97 | $5.90 |
| Pharmaceuticals | $5.01 | $4.82 |
| Energy | $4.72 | $4.78 |
| Industrial | $4.47 | $4.73 |
| Technology | $4.97 | $4.66 |
| Professional services | $4.70 | $4.47 |
| Transportation | $3.59 | $4.18 |
| Communications | $3.62 | $3.90 |
| Consumer | $3.86 | $3.80 |
| Education | $3.86 | $3.80 |
| Research | $3.88 | $3.63 |
| Entertainment | $3.83 | $3.62 |
| Media | $3.15 | $3.58 |
| Hospitality | $2.94 | $3.36 |
| Retail | $3.28 | $2.96 |
| Public sector | $2.07 | $2.60 |

Data Source: IBM

Going by this table, you can see that Healthcare, Finance, Pharmaceuticals, Energy, and Industrial are the most common targets of cyber attacks since they have also had to face the most costs within the 2022-2023 period.

It must be noted that the Healthcare sector has repeatedly faced cyberattacks for many consecutive years as it handles sensitive records of individuals including medical history, personal information, social security numbers, etc. These data can be used for insurance fraud, identity theft, and extortion.

The real question is, if the global cost of cyberattacks is so exorbitantly high, how are these damages dealt with? Who is exactly the final victim of these losses here?

How Are These Damages Dealt With?

IBM’s report on the 2023 Cost of Data Breach concluded that we, the users and customers, pay the price of these cyberattacks. Let us make this simpler for you. Let’s say that you are subscribed to a particular software and use it actively. This very company now faces a major cyberattack. Well, yes, of course, your credentials and details are likely to be compromised.

But once the company recovers from it, you see that they have added a subscription plan for the software you use. Since you use it actively, you can’t go without it. So, naturally, you pay the price that the company wants. In a way, the company uses its customers to recover the cost of these incidents and make up for the losses.

So, ultimately, they have nothing to lose and you have everything to lose as a customer. But, can you blame companies for doing this? If they don’t, they will go under. The main culprits are the threat actors that launch such cyber attacks. However, the good thing is that companies have started using services like Cloudflare for the protection of their online services.

Moreover, they have started establishing enhanced security protocols as an additional layer of protection against cyber attacks. In addition, they have also started educating their employees on good practices like not working from their personal computers.

This is a very important thing to note: if your personal computer falls prey to an attack, chances are that it paves the way for the threat actors to use your personal device as a weapon to catch the bigger fish that your company is.

How to Protect Yourself Against Cyber Attacks?

Use Multi-factor Authentication

In recent years, you have probably seen the term 2FA being thrown around a lot. 2FA stands for two-factor authentication, which allows you to add additional layers of security to your online accounts. From Instagram and Facebook to Google, all these platforms encourage you to enable two-factor authentication on your respective accounts.

With this enabled, hackers will have a tough time cracking your password and security systems. In addition to this, you should also rely on trusted authenticator apps to further solidify your online security.

Use a VPN

VPNs (Virtual Private Networks) are undoubtedly the easiest way of protecting your online presence against threat actors. VPNs hide your IP address underneath their server address, keeping it from being out there in the online world. So, using VPNs, you can safely browse the web without having the fear of being hacked or compromised somehow.

Additionally, VPNs use encryption to make sure that the data you surf online is not intercepted by threat actors in any way. Encrypted traffic is very difficult for cyber attackers to intercept and decode.

Be Cautious

Whether you are on a dating app or are just going through your emails, be cautious. Don’t interact with fishy accounts online or click on just about any link. Do your bit of research and make sure everything is as legit as it seems. It’s a great way of ensuring that your very own mistake does not come back to bite you. As they say, prevention is indeed better than finding a cure.

Report Fishy Online Activities

While we are on the topic of being cautious online, do not turn a blind eye to cyber attacks. If you come across malicious activities, report such incidents to the company. As IBM’s report states, an average of 204 days is taken by an organization to identify a data breach. An additional 73 days are taken to contain it. The point is, the sooner you report such incidents, the faster the company can detect and neutralize them.

Keep All Your Software Updated

There’s a reason why your smartphone, laptop, and even your smartwatch receive software updates. These software updates bring security patches to your digital devices, giving them the ability to stand stronger against cyber attacks. By rolling out these software updates, companies fix exposed vulnerabilities.

So, if you are on a device that has stopped receiving critical updates in the first place, we wouldn’t recommend using it for anything personal. That is also the reason why brands are gradually increasing the support window for devices. Very recently, Google, and then Samsung, announced seven years of software updates for their flagship devices. Now you know why that matters.

The Bottom Line

With cyber-attacks costing us trillions and reports suggesting they’ll continue doing so, one can’t help but think about what could quite possibly stop all the madness. Well, a Harvard Business Review report from last year revealed 80% of cyber attacks are caused by “human error”. Yes, you and I are the biggest threat here.

Not to mention, the report also emphasizes how we fall for cyberattacks, after all the cyber training and increase in general awareness. But, a key fact this report suggests is that we can actually use AI to our advantage.

Yes, AI is being used by threat actors to carry out all sorts of malicious cyber attacks imaginable. But defenders can use it too, to counter such attacks. In fact, the report states that AI can detect and classify malicious emails with an impressive 98% accuracy.

This fact is backed by another blog post by Terranova Security, which notes that AI can analyze multiple devices and detect vulnerabilities in a very short span of time. It goes without saying that AI is faster at such tasks than humans.

Moreover, by just taking the necessary precautions and increasing your cyber awareness, such attacks can be prevented. Organizations should also ensure that their employees are armed to the teeth with all the cyber education to avoid making human errors. Because, from the looks of it, a major decrease in human errors is the only solid way to counter the cyber attack wave and keep its costs from increasing every year.

