An overview article on 600% increase in Cyber Attack in 2021

Authors: Digital University Kerala (Formerly IIITM-K)

Overview article on 600% increase in Cyber Attack in 2021
Arka Ghosh
Department of Computer Science
Abstract- After the pandemic hit the world, there has been an increase in the number of cyber attacks by approximately 600%. Cybersecurity Ventures predicts cybercrime damages will be around $6 trillion in 2021, up from $3 trillion in 2015. So, is cyber security actually implemented properly, or are improvements needed to reduce these heavy losses? In this manuscript we will cover the basics of cyber security and the common attacks, the losses they incur, and how they can be prevented.
Index Terms- Cyber Attacks, Cyber Crime, Cyber Security, Cyber Space, Networking.
INTRODUCTION
First, we need to understand what cyberspace, cyber-attacks and cyber security are.
Cyberspace: The notional environment in which communication over computer networks occurs is known as cyberspace.
Cyberattacks: An attack on cyberspace is known as a cyberattack. We should remember that anything that is online is hackable; thus, cyberspace is also susceptible to attacks. So, in technical terms, an action which breaches or jeopardizes the confidentiality, availability and integrity of a computer network system is known as a cyberattack.
Cyber Security: The prevention of cyberattacks for the betterment of cyberspace is termed cyber security. In technical terms, the procedure that ensures the confidentiality, integrity and availability of cyberspace is known as cyber security.
SECURITY PRINCIPLES
CIA Triad
This is one of the most important topics when it comes to the principles of security. To maintain information security we require three things: Confidentiality, Integrity and Availability. These three together make up the CIA Triad.
Now let's see what these three terms mean individually.
Confidentiality: Access to a particular message should be granted only to the sender and the receiver. No third person should be able to access the message.
(Figure: Breach in Confidentiality)
Integrity: It means the correctness of data. In other words, whatever data is sent from the sender's end, the same data should reach the receiver.
(Figure: Breach in Integrity)
Availability: The data should be available to the user as per the SLA [Service Level Agreement]. For example: suppose there is 10GB of space available in my mail service, and a hacker sends a lot of spam mails to fill my 10GB quota; this is a simple example of a breach in availability.
There are many ways to maintain the confidentiality, integrity and availability of data. We can use different encryption procedures to convert plain text into cipher text; this process is also known as cryptography. There is also a process known as hashing that ensures the integrity of the encrypted cipher data. Security can be further increased by enveloping the data and its hash together.
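As an added illustration (not code from the paper), the "envelope" idea above in Python: a toy keystream cipher built from SHA-256 stands in for a real cipher (an assumption, so the example runs on the standard library alone), and an HMAC-SHA256 tag over the ciphertext plays the role of the hash that guards integrity. The receiver checks the tag before decrypting, so any altered byte is rejected, whereas decryption alone would silently accept a modified message.

```python
import hashlib
import hmac
import os

# Toy stream cipher for illustration only: keystream = SHA-256(key || nonce || counter).
# It stands in for a real cipher such as AES so this runs with the standard library alone.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])

def _xor(data: bytes, keystream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream))

NONCE_LEN, TAG_LEN = 16, 32

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Confidentiality first (encrypt), then integrity: HMAC-SHA256 over nonce || ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def open_envelope(enc_key: bytes, mac_key: bytes, envelope: bytes) -> bytes:
    """Verify the tag before decrypting; any modified byte makes this raise ValueError."""
    if len(envelope) < NONCE_LEN + TAG_LEN:
        raise ValueError("envelope too short")
    nonce = envelope[:NONCE_LEN]
    ciphertext = envelope[NONCE_LEN:-TAG_LEN]
    tag = envelope[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("integrity check failed: envelope was modified in transit")
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))

def decrypt_unchecked(enc_key: bytes, envelope: bytes) -> bytes:
    """Encryption alone: decrypts whatever arrives, so a flipped ciphertext byte flips the plaintext unnoticed."""
    nonce = envelope[:NONCE_LEN]
    ciphertext = envelope[NONCE_LEN:-TAG_LEN]
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))

def flip_byte(envelope: bytes, index: int) -> bytes:
    """Simulate in-transit tampering by flipping one bit of one byte."""
    tampered = bytearray(envelope)
    tampered[index] ^= 0x01
    return bytes(tampered)

def tamper_detected(enc_key: bytes, mac_key: bytes, envelope: bytes, index: int) -> bool:
    try:
        open_envelope(enc_key, mac_key, flip_byte(envelope, index))
        return False
    except ValueError:
        return True

# Constructed demo keys and message (never hard-code real keys like this).
ENC_KEY = bytes(range(32))
MAC_KEY = bytes(range(32, 64))
MESSAGE = b"Transfer 100 to account 42"

if __name__ == "__main__":
    env = seal(ENC_KEY, MAC_KEY, MESSAGE)
    print(open_envelope(ENC_KEY, MAC_KEY, env))                   # original message
    print(decrypt_unchecked(ENC_KEY, flip_byte(env, NONCE_LEN)))   # altered plaintext, unnoticed
    print(tamper_detected(ENC_KEY, MAC_KEY, env, NONCE_LEN))       # True
```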
AAA Triad
(Figure: The AAA Triad)
It stands for Authentication, Authorization and Accountability.
Authentication means that a credential is required to verify the legitimacy of a user trying to access certain data or a system.
Authorization means granting a particular role or privilege upon successfully authenticating a particular user.
Accountability: Every access given to an authorized user should be accounted for in the system; this is crucial to maintain the integrity of the system.
Whenever there is a breach of any of the security principles, the network or organization is said to be under attack. Attackers mainly look for vulnerabilities that let them breach these security principles and gain access to unauthorized information or data. These attacks lead to heavy losses for organizations, and the user's privacy is also put at risk. We will now take a look at a few of these attacks, how much harm they have caused in recent years, and what measures can be taken to prevent them.
PHISHING ATTACK
In this type of attack, a website is cloned by the hacker and the URL is shared with the victim. The login credentials are sent to the hacker's system instead of the actual server, thus making the credentials available to the hackers. It is a kind of identity threat and also a breach of privacy. One of the common tools used in this type of attack is the SE Toolkit in Kali Linux.
Phishing attacks generally happen through mails, where the attacker forges a link and sends a mail that looks genuine; whenever the victim gives sensitive information through the link, the attacker phishes the credentials and uses them at will.
Statistics:
56% of IT decision makers say targeted phishing attacks are their top security threat.
83% of global infosec respondents experienced phishing attacks in 2018, an increase from 76% in 2017.
Business email compromise (BEC) scams cost organizations $676 million in 2017.
CEO fraud is now a $12 billion scam.
30% of phishing messages get opened by targeted users and 12% of those users click on the malicious attachment or link.
Only 3% of targeted users report malicious emails to management.
53% of IT and security professionals say they experienced a targeted phishing attack in 2017.
Credential compromise rose 70% over 2017, and has soared 280% since 2016.
50% of phishing sites are now using HTTPS.
Fake invoices are the #1 disguise for distributing malware:
Bill / invoice 15.9%
Email delivery failure 15.3%
Legal / law enforcement 13.2%
Scanned document 11.5%
Package delivery 3.9%
The most common malicious attachment types:
Office 38%
Archive 37%
PDF 14%
Other extensions 6%
Binaries 4%
XML/HTML/JS 1%
The volume of email fraud that organizations receive has increased 8% year-over-year.
By the end of 2017, the average user was receiving 16 phishing emails per month.
66% of malware is installed via malicious email attachments.
49% of non-point-of-sale malware was installed via malicious email.
21% of ransomware involved social actions, such as phishing.
30% of phishing messages were opened in 2016, up from 23% in the 2015 report.
Prevention Mechanism:
First, let us look at how these attacks can be prevented. Recognizing spam mails and fake websites is the key to preventing phishing attacks. Spam mails have specific characteristics that everyone should know; some of them are:
Attachments or links
Spelling errors
Poor grammar
Unprofessional graphics
Unnecessary urgency about verifying your email address or other personal information immediately
Generic greetings like "Dear Customer" instead of your name
If mails like these are received, they should be deleted without being opened, and the sender should be blocked manually. The URLs provided in these mails should not be clicked directly; the user can instead copy the link and paste it in the browser to verify the authenticity of the site.
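An added example (not from the paper) that turns the characteristics above into a simple checker: it flags generic greetings, urgency to verify personal information, attachments and links, and, following the advice to inspect URLs before clicking, a link whose visible text names one domain while the href goes to another. The phrase lists and the two sample messages are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Illustrative phrase lists, not exhaustive; tune them to the mail you actually see.
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder", "dear valued member")
URGENCY_PHRASES = ("verify your email", "verify your account", "confirm your identity",
                   "immediately", "within 24 hours", "will be suspended")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")

def registrable_domain(host: str) -> str:
    """Crude 'example.com' from 'mail.example.com'; enough for the mismatch check here."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def link_mismatch(display_text: str, href: str) -> bool:
    """True when the visible link text names one domain but the href really goes to another."""
    shown = DOMAIN_RE.search(display_text.lower())
    actual = (urlparse(href).hostname or "").lower()
    if not shown or not actual:
        return False
    return registrable_domain(shown.group(0)) != registrable_domain(actual)

def phishing_indicators(mail: dict) -> list:
    """Return the list of spam/phishing characteristics found in one message."""
    text = (mail.get("subject", "") + "\n" + mail.get("body", "")).lower()
    flags = []
    if any(g in text for g in GENERIC_GREETINGS):
        flags.append("generic greeting")
    if any(p in text for p in URGENCY_PHRASES):
        flags.append("urgency to verify personal information")
    if mail.get("attachments"):
        flags.append("attachment: " + ", ".join(mail["attachments"]))
    links = mail.get("links", [])
    if links:
        flags.append("contains links")
    for shown, href in links:
        if link_mismatch(shown, href):
            flags.append(f"link text '{shown}' actually goes to {urlparse(href).hostname}")
    return flags

def is_suspicious(mail: dict, threshold: int = 2) -> bool:
    return len(phishing_indicators(mail)) >= threshold

# Constructed sample messages (not real mail). links = (visible text, real href).
PHISHING_MAIL = {
    "subject": "Action required: verify your account immediately",
    "body": "Dear Customer,\nYour mailbox will be suspended unless you verify your email within 24 hours.",
    "links": [("https://bank.example.com/login", "http://bank.example.com.verify.example.net/login")],
    "attachments": ["invoice_0423.docm"],
}
LEGIT_MAIL = {
    "subject": "Your March statement is ready",
    "body": "Hi Jane,\nYour statement is available in the app whenever you want to look at it.",
    "links": [],
    "attachments": [],
}

if __name__ == "__main__":
    for name, mail in (("phishing", PHISHING_MAIL), ("legit", LEGIT_MAIL)):
        print(name, is_suspicious(mail), phishing_indicators(mail))
```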
Poor security measures lead to these types of attacks. Every user should have a proper spam filter, and organizations handling sensitive information should use advanced spam filtering techniques. Maintaining separate private and public mail addresses is also a very good practice, because the chances are high that the public address is exposed to attackers frequently. Changing the public mail address frequently is highly advisable.
MALWARE ATTACK
It is a type of attack where the attacker infects the victim's network or system through different scripts and malicious applications to gain access to the system. Some very common types of malware are: worms, Trojans, zero-day malware, ransomware, etc.
Zirikatu is a tool that can be used to generate payload scripts; the payload is a kind of Trojan that attacks the victim's system and gives the attacker full command of the system.
Recent malware attacks have become more sophisticated with the advent of machine learning and targeted spear-phishing emails.
Statistics
The total malware infections have been on the rise for the last ten years:
o 2009 – 12.4 million
o 2010 – 29.97 million
o 2011 – 48.17 million
o 2012 – 82.62 million
o 2013 – 165.81 million
o 2014 – 308.96 million
o 2015 – 452.93 million
o 2016 – 580.40 million
o 2017 – 702.06 million
o 2018 – 812.67 million
92% of malware is delivered by email.
Mobile malware is on the rise, with the number of new mobile malware variants increasing by 54% in 2018.
Third-party app stores host 99.9% of discovered mobile malware.
More than 250,000 unique users were attacked by the Trojan-Banker.AndroidOS.Asacub malware application.
98% of mobile malware targets Android devices.
Over the last year, macOS malware has increased by 165%.
Malware development rates for Windows decreased by 11.6% since reaching an all-time high in 2015.
Malware is still the preferred distribution model, used 71.14% of the time over the last 12 months, while PUAs were only used in 28.86% of instances.
The Gamut spambot was the most frequently used, with over 86% of all spambot cases involving its use.
The United States continues to host the most botnet control servers in the world. Over the last year, 36% of these servers were hosted in America, while 24% were hosted in undefined countries.
Trojans make up 51.45% of all malware.
7 out of every 10 malware payloads were ransomware.
230,000 new malware samples are produced every day, and this is predicted to only keep growing.
Malware and web-based attacks are the two most costly attack types; companies spent an average of US $2.4 million in defense.
Overall business detections of malware rose 79% from 2017 due to an increase in backdoors, miners, spyware, and information stealers.
Over 18 million websites are infected with malware at a given time each week.
34% of businesses hit with malware took a week or more to regain access to their data.
90% of financial institutions reported being targeted by malware in 2018.
Prevention Mechanism
Prevention and protection against malware come in two parts: personal vigilance and protective tools. Malware is injected into the system through various malicious websites and links. A user should open any link carefully, and downloading files from unknown sites should be avoided. Also, the certificate of the website should be verified and authenticated.
Next, using good anti-malware software to protect the system is a key component in preventing malware attacks. Although anti-malware software cannot guarantee protection from malware attacks, it does reduce the chance of these attacks. A powerful firewall is also recommended as a preventive measure against these attacks.
RANSOMWARE ATTACK
It is basically a kind of malware that attacks the victim's files. The attacker then asks for a ransom in exchange for the decryption key. Payment is demanded in cryptocurrencies as they are hard to track. Ransomware encrypts the whole system, and a decryption key is required to restore it.
Some real-world ransomware families are: WannaCry, CryptoLocker, SimpleLocker and Bad Rabbit. These caused losses of around billions of dollars to organizations.
Statistics
Ransomware attacks worldwide rose 350% in 2018.
Ransomware attacks are estimated to cost $6 trillion annually by 2021.
50% of a surveyed 582 information security professionals do not believe their organization is prepared to repel a ransomware attack.
81% of cyber security experts believe there will be more ransomware attacks than ever in 2019.
75% of companies infected with ransomware were running up-to-date endpoint protection.
Ransomware costs businesses more than $75 billion per year.
The NotPetya ransomware attack losses could exceed $1 billion.
FedEx lost an estimated $300 million in Q1 2017 from the NotPetya ransomware attack.
Atlanta, Georgia has spent more than $5 million rebuilding its computer network after being hit by the SamSam ransomware attack in March 2018.
The average cost of a ransomware attack on businesses was $133,000.
Businesses lost around $8,500 per hour due to ransomware-induced downtime.
25% of business executives would be willing to pay between $20,000 and $50,000 to regain access to encrypted data.
30% of organizations who pay the ransom receive all of their money back.
40% of ransomware victims paid the ransom.
More than 50% of ransoms were paid in bitcoin in 2018.
10% of all ransom demands are over $5,000.
Of the 1,100 IT professionals surveyed, 90% had clients that suffered ransomware attacks in the past year.
40% had clients that were subject to at least 6 ransomware attacks.
A new organization will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021.
1.5 million new phishing sites are created every month.
In 2019 ransomware from phishing emails increased 109% over 2017.
Prevention Mechanism
Ransomware is like a predator that hunts for vulnerabilities in a system, or for whichever system in the network is comparatively more vulnerable. A few factors that lead to a vulnerable system are:
The device used is no longer state-of-the-art
The device has outdated software
Browsers and/or operating systems are no longer patched
No proper backup plan exists
Insufficient attention has been paid to cybersecurity, and a concrete plan is not in place
If one or more of these points apply to the device, you are at risk of falling victim to a ransomware attack. A vulnerability scan, using scanning software or performed by cyber security professionals, can help find these vulnerabilities so they can be fixed at the earliest.
To protect an individual from a ransomware attack, the following measures should be followed:
Never click on unsafe links.
Avoid disclosing personal information.
Suspicious emails should be ignored.
Unknown USB sticks should not be plugged into the system.
The OS should be kept up to date, along with the software and applications.
CRYPTOJACKING ATTACK
It is unauthorized access to someone's system to mine cryptocurrencies. The scripts are executed through URLs sent in email or through advertisements present on malicious websites. There is no way to know that your computer is mining cryptocurrencies; you might notice lag in your system but won't know why or where it is happening. Real-world examples of cryptojacking are: MinerGate, BadShell and spear phishing.
The MinerGate variant suspends execution when the victim's computer is in use. According to the CTA report, Palo Alto Networks analyzed a variant of the MinerGate malware family and found an interesting feature: it can detect mouse movement and suspend mining activities. This avoids tipping off the victim, who might otherwise notice a drop in performance.
BadShell uses Windows processes to do its dirty work. A few months ago, Comodo Cybersecurity found malware on a client's system that used legitimate Windows processes to mine cryptocurrency. Dubbed BadShell, it used:
PowerShell to execute commands: a PowerShell script injects the malware code into an existing running process.
Task Scheduler to ensure persistence.
The Registry to hold the malware's binary code.
Statistics
25% of businesses are estimated to have been victims of cryptojacking.
Cryptojacking activity surged to its peak in December 2017, when more than 8 million cryptojacking events were blocked by Symantec.
25% of the WordPress plugins among Alexa's most popular sites are flagged with critical vulnerabilities that could allow mining botnets in.
Applications can take 5 to 10 times longer to load when a computer is being used for coin mining.
Prevention Techniques:
There are various techniques to prevent cryptojacking, but raising awareness of cryptojacking is the main concern, as not many people know about this attack and they ignore threats and vulnerabilities, leaving themselves and their systems at risk of cryptojacking. A few of the ways to prevent cryptojacking are:
Install an ad-blocking or anti-crypto-mining extension on web browsers.
Use endpoint protection that is capable of detecting known crypto miners.
Keep your web filtering tools up to date.
Maintain browser extensions.
Use a mobile device management (MDM) solution to better control what's on users' devices.
CONCLUSION
As we move more and more towards the future, cyberization comes more and more into the field of IT sectors. With every passing day the number of devices being connected to the network increases. Although this is very affirmative progress, it leaves more and more devices vulnerable to attacks each day. Cyber security should be implemented in an even stronger way as AI is taking over, making attacks even more harmful with each passing day. Today there are about 2.8 million cybersecurity professionals around the world, but the workforce needs to grow by approximately 145% to meet the current global demand for security, according to a report from the cybersecurity nonprofit (ISC)².
AUTHOR
Arka Ghosh, B.Sc. Computer Science
Mail: arkag30@gmail.com
Website: Arka Ghosh (arkag30.github.io)