You’ve probably heard of cybercrime, but what is it exactly? According to Interpol, cybercrime is one of the fastest growing types of crime because it is fueled by anonymity, convenience and a global reach thanks to digital advancements.
As more companies and individuals move to the digital space, they are facing cybercrime in the form of stolen data, sophisticated attacks against hardware and software, financial crimes, extortion and even terrorism.
Out of these different types, data breaches top the list in terms of frequency and loss. In fact, stolen data is a valuable commodity across the entire criminal ecosystem and the number of data breaches that have happened over the last few years are a testimony to this fact.
What exactly is a data breach and how does it occur? What happens after a data breach? How do you stop it? It’s important to know the answer to these questions, as we believe this is the first step towards protecting your online identity and data.
Before getting to those answers, let’s first drill down to the fundamentals. We’ll start with understanding cybercrimes first.
What Is Cybercrime?
There is no universal definition of cybercrime, but it has come to denote any criminal activity that uses computers or computer networks to do something illegal. It also includes any kind of unlawful activity done by one or more individuals in cyberspace.
As with everything, cybercrimes are also evolving and becoming more sophisticated every day. What started out as simple attacks perpetrated by script kiddies has evolved into complex crimes that involve billions of dollars. Out of these, identity theft and data breaches top the list in terms of frequency and money lost.
According to the 2017 Identity Fraud Study released by Javelin Strategy & Research, $16 billion was stolen from 15.4 million U.S. customers in 2016 alone. That figure is shocking enough, but if you put together the statistics from the last six years, it gets much worse: over that period, identity thieves have stolen more than $107 billion.
Another report from the Health Information Trust Alliance (HITRUST) shows that data breaches in the healthcare industry alone have cost $4.1 billion. 495 breaches occurred up to the year 2015, with the average cost of each breach being $8.27 million. It’s estimated that 21.12 million records have been stolen from healthcare providers thus far.
This brings us to another question — why do data breaches and identity theft top the list in the world of cybercrime? Well, the answer is simple: they are the easiest crimes to commit while also being extremely lucrative.
How Do Data Breaches Happen?
There are many ways to gain access to secure systems and hackers are constantly looking out for new ones. The Ponemon 2014 Cost of a Data Breach study shows three broad categories of security weakness.
- Human error
- System problems
- Criminal attacks
Human error is the single largest cause of data breaches. Beazley of London analyzed more than 1500 data breaches in 2014 and concluded that human error caused most of them. Common examples include mishandling of sensitive information, lack of knowledge about securing login credentials, improper disposal of data and losing a storage device.
The second largest cause are system problems such as a lack of adequate firewalls, weak authentication procedures and more in that vein. These problems increase the chances for a hacker to get unauthorized access to a system.
The third, and probably the least common cause of data breaches, are criminal attacks. Though they’re rare when compared to human errors and system glitches, they cost affected organizations the most.
Criminal attacks take many shapes, but the most common are:
- Dedicated denial of service (DDoS) attacks
- Viruses, worms and trojans
- Point-of-sale attacks
A surprising aspect is many of these crimes happen without your knowledge. You may think your passwords are safe and sound in your cloud storage, but, for all you know, hackers could be selling them on the black market right now.
So, why do hackers take so much effort to steal your data and what do they do with it?
Why Do Data Breaches Happen?
Criminals use hidden areas of the Internet called the “dark web” to buy and sell your stolen data. All kinds of information such as your credit card details, social security number and other personal data gleaned from your online presence are traded in this shadowy underworld.
A report by Intel Security Group’s McAfee Labs gives an estimate of the average price for each kind of stolen data.
- Credit and debit cards of U.S customers: $5 to $30
- Credit and debit cards of UK customers: $20 to $35
- Credit and debit cards of Canadian customers: $20 to $40
- Credit and debit cards of Australian customers: $21 to $40
- Bank login credentials for an account with a balance of $2,200 or more: $190
- Bank login credentials and any kind of stealth fund transfers to UK banks: $700 to $900
- Login credentials for PayPal: $20 to $300, depending on the balance
- Login credentials for online auction accounts and loyalty programs: $20 to $1,400
- Login credentials for content services such as Netflix: $0.55
In addition, combined information, such as a bank ID number with the account holder?s date of birth, fetches double the price.
These numbers alone should give you an idea of what your data’s worth and why hackers are after it all the time. Unfortunately, they’re often successful, too.
A look at some prominent data breaches that happened over the last ten years should give you a glimpse of the modus operandi and success rate of hackers.
Examples of Data Breaches
In February 2015, Anthem, Inc., a umbrella for healthcare providers across the U.S., reported that hackers had stolen the data of just under 80 million customers. Though the exact causes of this massive breach of highly sensitive information remain unknown to this day, investigators suspect a foreign government may have been behind the attack.
Whatever the cause, victims of the Anthem medical data breach may find themselves dogged by the effects of identity theft for the rest of their lives, not to mention the millions of dollars it cost the healthcare corporation.
The worst part of the entire fiasco, however, was that had Anthem encrypted the information, the thieves would have walked away empty-handed after their successful breach. As it was, the data of Anthem?s customers was just sitting behind its electronic defences, ripe for the taking for anyone smart enough to break through.
In 2012, hackers pulled off one of the biggest cloud hacks ever. They stole 68 million users’ passwords and email addresses from cloud storage provider Dropbox. The breach happened because a Dropbox employee reused a password that he had previously used on LinkedIn.
Hackers used this compromised password to enter Dropbox’s corporate network and from there, accessed the user database that contained encrypted passwords. The hack only came to light when the ensuing password dump was picked up by Leakbase, a security notification service.
In another incident, Dropbox allowed anyone to access a customer’s data by entering just the email address of that customer. For example, if you had the email ID of a Dropbox user, you could’ve entered that ID and got all the details about that user. The system didn’t prompt for a password at all during this time.
This security problem happened due to a bug in the code and lasted for four hours before it was discovered and fixed. To date, no one knows how many records were compromised; it has, however, led to Cloudwards.net compiling a list of nine secure Dropbox alternatives.
Not as extensive as the Dropbox breach, but much more widely publicized, was an iCloud leak in September of 2014 that led to naked images of celebrities flooding the Internet in an event called the fappening. The episode caused outrage and much embarrassment not just to celebrities like Jennifer Lawrence and Kate Upton, but also to Apple.
A report by The Daily Dot shows that Apple knew of the security loophole responsible for this breach as early as March 2014, but didn’t fix it. This left the personal data of iCloud users open to hackers and they, not prone to leaving an opportunity untouched, took the chance given to them.
LastPass, a much used password manager, was hacked in June 2015. Many email addresses and password reminders stored on its servers were hacked. This is an irony considering that many enterprises rely on LastPass to secure the passwords of their users.
According to LastPass CEO Joe Siegrist, no user accounts were accessed. Only email addresses, authentication hashes and password reminders were stolen. Though the damage may have been less extensive than in our other examples, Siegrist’s remarks were likely cold comfort to the attack’s victims.
Though not a data breach as such, the WannaCry attack in May 2017 showed the dangers of one particular type of cybercrime called ransomware. Though ransomware has been around for a few years now, infecting people’s computers, then encrypting their data until they pay a ransom was usually seen as more of an annoyance than anything else.
WannaCry changed all that, as the people behind it managed to cripple governments and major corporations around the world, despite many experts judging the work they did as being amateurish. If even the high and mighty can fall victim to such shenanigans, regular people should start thinking long and hard about protecting themselves.
In June 2015, Ubiquity Networks, Inc. lost just under $7 million thanks to a so-called spear phishing scam. Phishing is, put simply, the act of passing yourself off as someone trustworthy in an email and is also one of the most common cybercrime scams out there.
In the case of Ubiquity, employees of the finance department received emails from company execs requesting transfers of funds to Hong Kong. The employees in question obeyed, of course, and ended up lining the pockets of some very happy criminals to the tune of almost $50 million.
Cybercrime and Law Enforcement
Meanwhile, legislature and law enforcement seem to always be one step behind cybercriminals. Though sometimes they do make a big arrest, many governments seem more interested in spying on their citizens (or allowing ISPs to do so) than preventing crimes against them.
Then again, the job of a cybercrime unit is somewhat Sisyphean in nature: every time the boulder is at the top of the hill and police are ready to make an arrest, the criminals in question disappear into the night, never to be seen again. Add to that the international nature of such gangs and the job of catching them becomes a nightmare.
In short, the Internet is not as safe as you may think. There are hidden avenues that allow hackers to access your data and do whatever they want with it. The way things stand now, it is up to each person to secure their own data. You should start by understanding how online security works and how hackers could possibly steal your data. From there, you can work your way toward protecting it.
Generally speaking, the cloud is the safest place on the Internet thanks to advanced protocols and the fact that data is never just in one place. Any of our best cloud storage services should provide enough safeguards for you to rest easy at night.
This content is originally written by Lavanya Rathnam on Cloudwards.net