$1.3M is Lost to CyberCrime Every Minute
by Robert Bond
RiskIQ – Every Minute, $1.3M is lost to Cybercrime
Cybercrime Costs Continue Rapid Growth
Cybercrime costs are continuing to rise, and new attack variants and techniques are created by an ever-growing army of cybercriminals every day.
Global threat management company RiskIQ recently released a report on the increasing volume of cybercrime and malicious activity on the internet. Included in the report is a breakdown of the $600 billion in costs that cybercriminals inflicted on the global economy last year. Using their own deep insights into adversary infrastructure plus verifiable, fact-based research on the cost of crime, the firm was able to calculate that an astonishing 1,274 new unique pieces of malware are created each year, 156 million phishing emails are sent every day, and 100 new phishing pages are created each minute.
Top Cybercrime Methods
The data shows that in a single “evil internet minute,” 1,861 people fall victim to cybercrime, 9.2 new instances of malicious advertising attacks are executed, and $1,138,888 is stolen by criminals.
Top threat vectors include a range of tactics, including supply chain attacks, phishing, and malware.
Top cybercriminal motives were noted to be largely financial as expected but also political; aiming to inflict large-scale reputational damage or commit espionage in most cases.
One reason that cybercrime continues to experience improving financial success is constant innovation – including the 1,274 new strains of virtually distinct malware that are created every minute.
RiskIQ’s research has also uncovered additional malicious activity each minute, ranging from blacklisted mobile apps to malvertising. Their findings include:
- 5 organizations fell victim to ransomware attacks every minute with an average cost to businesses of $15,221
- .17 blacklisted mobile apps created each minute
- .21 new phishing domains created each minute
- .07 incidents of the Magecart credit card skimmer occur every minute
- .1 new sites running the CoinHive cryptocurrency mining script created each minute
- 4 potentially vulnerable web components discovered each minute
Cybercrime Year over Year Comparison
Several of the statistics are particularly notable in comparison to last year’s 2017 report.
New instances of malware per minute increased from 818 to the 1,274 we quoted earlier; an over 50% increase!
Consequently, victims per minute increased from 1,080 to 1,861. Further, several new attack patterns appear on the 2018 report: crypto mining malware and sites running coinhive. These new attack techniques are a new and increasingly dangerous threat to businesses and consumers.
Cybercrime and Ransomware
Another top malicious threat on RiskIQ’s 2018 report is ransomware.
In 2018, ransomware cost organizations $8 billion globally and 1.5 organizations per minute fall victim to ransomware attacks. Since attacks based on the NSA EternalBlue exploit crippled organizations around the globe in 2017, ransomware attackers have become more creative and dangerous.
New variants are slowing down and randomizing the encryption process, seeking to evade heuristics-based antivirus solutions that are the standard in the market.
Another tactic is for attackers to move laterally across a network and delay ransomware attacks while they spread, waiting until a maximum number of systems are infected, so the attack will have a greater impact and potentially greater ransom.
Most Damaging Ransomware 2018 – Ryuk Ransomware
Ryuk ransomware is the latest strain of ransomware to hit businesses around the world. In September 2018, a new campaign has made over $640,000 in Bitcoin, and encrypted systems at several targeted enterprises. Researchers have tied the Ryuk ransomware to Hermes ransomware family and attributed the attacks to the North Korean Lazarus Group.
The attacks so far have been highly targeted; persistent attacks against three high-value enterprises, tailored to inflict maximum damage and extract the highest ransom possible from victims.
Ryuk Ransomware – Technical Analysis
According to a recent report by Check Point Research, the Ryuk Ransomware is comprised of several pieces – most notably a dropper and a ransomware binary. The dropper file writes the payload binary and then calls the executable to begin the attack. The first action the payload takes is to kill the antivirus defense then the database backup and document editing software. It then writes itself to a registry key for persistence and injects itself into a privileged running process.
The injected code then begins encrypting files using an RSA public key. Ryuk performs a recursive sweep of every drive and network share on the target system, with the exception of whitelisted web browsers that would be needed to view the ransom note and facilitate payment.
Ryuk has shown the most recent trend in ransomware. As the vulnerabilities behind recent attacks like WannaCry and NotPetya are patched, the widespread and broadly targeted attacks of the past year have become less successful. Criminal organizations are now conducting more extensive campaigns against high value targets, spending time to find targets that might be vulnerable to attacks.
One thing made clear by the Ryuk ransomware variant and the RiskIQ report is the profit motive of cyber criminals. As attacks continue, cyber criminals will innovate and improve their tactics, techniques, and tools to maximize their profit. New variants of malware are even able to decide if an infected target will be more profitable as a mining bot or ransomware victim. As attacks continue to increase, businesses will need to maintain threat awareness and vulnerability management programs to stay aware and secure against these threats.
February 4, 2020