
17 Types of Cyber Attacks in 2022 – Built In


Cyber attacks have come a long way from duping us into helping a Nigerian prince down on his luck. Now, cyber attacks have grown into a global, $43 billion business, on a trajectory of growing by at least 15 percent each consecutive year. 
On average, the Federal Bureau of Investigation receives 2,300 complaints per day reporting cyber criminal activity. These victims have paid out $6.9 billion by way of successful schemes in 2021 alone.
Given a 65 percent increase in identified global losses to cybercrime over the past year, taking preventative measures and self-educating on the latest trends are a user’s best bet in avoiding malicious online traps.
Any attempt to gain unauthorized access to one or more computers with intent to cause harm qualifies as a cyber attack.
These expensive, unwelcome attempts steal, expose, alter, disable and destroy information through data breaches. By 2025, researchers at Cybersecurity Ventures predict $10.5 trillion in damages per year, worldwide.
And — with nearly 300,000 bits of malware created daily — it’s not stopping anytime soon.
But before we get into the top cyber attacks of 2022, it’s important to understand the many forms cybercrime can take.
So, how common is “common”?
Cyber attacks occur every 39 seconds, accumulating 30,000 hacks per day, worldwide. 
The following list outlines cybercrimes worth keeping on your radar, leading with the most frequent attack types — malware and phishing.
Hackers designed malware — or malicious software — to intercept data from a computer, network or server by tricking users into installing faulty programs on their devices by their own hand. Once a device is compromised, a malicious script bypasses security protocols, allowing hackers to access sensitive data or even hijack the system entirely.
Malware is one of the most commonly used cyber attacks, with 560,000 incidents detected every day, and it does not discriminate — attacks have been waged against companies, governments and individuals, frequently partnered with phishing emails.
Cloud-based, IT security company Mimecast compiled feedback from 1,400 information technology and cybersecurity leaders — screening more than one billion emails per day — in their latest State of Email Security report. They found that 8 out of 10 organizations experienced malware activity internally, as it spread from one infected employee to another. That number, 83 percent, accounts for a 10 percent increase from 2021 — making it the highest rate of infection since records began in 2016.
The average cost of a data breach reached a record high of $4.35 million in 2022, according to a report from IBM and the Ponemon Institute, with remote workforces playing a part in the $137,000 increase from the previous year. 
Like fish to dangling bait, hackers cast lines of digitized fraud out to unsuspecting users in hopes of a big catch — sensitive information or access to a network, so as to engage malware measures. These cybercrimes deliver malware straight to your inbox in well-known email schemes that use faulty links or attachments. They can be fueled by social engineering — a malicious data-collection tactic that uses psychological manipulation — and tailor-made for recipients to be tricked or spoofed into a message’s legitimacy by impersonating a mutual party. 
Of all cybercrimes, email phishing is responsible for 91 percent of malicious attacks. In its many forms, phishing claimed 323,972 victims in 2021, per the latest FBI Internet Crime report.
No one is safe — a phishing campaign using Office 365 stole credentials from the U.S. Department of Labor in January while PayPal impersonators continue to regularly scam millions from online consumers.
Hackers promoted a Bitcoin scam across 45 of the 130 high-profile Twitter accounts they gained access to in a spear phishing attack on Twitter employees in July 2020. Each profile, from Barack Obama to Elon Musk, Bill Gates, Jeff Bezos, Apple and Uber, had more than one million followers. At least $180,000 in Bitcoin, as valued at the time, was transferred to scam accounts.
By injecting malicious, client-facing scripts into the code of a trusted web application or website, cross-site scripting, known as XSS, offers hackers unauthorized access to user information, commonly collected from an on-site search or contact form. 
Sites vulnerable to XSS include message boards, forums and web pages, which depend on user input that is not screened for malicious activity; however, this does not exclude bigger sites.
In September 2014, hackers tampered with JavaScript code across eBay product listing pages, redirecting shoppers via malicious links to spoofed listing pages that would collect their credentials. 
Data breaches affected nearly 380,000 booking transactions at British Airways in 2018.
Cryptojacking refers to a hacker’s covert efforts to commandeer a computer’s processing power for the purpose of mining cryptocurrencies, like Bitcoin and Ether, while the user is unaware or non-consenting. Jeopardized systems suffer a slow processing speed.
Denial of service, or DoS, approaches cyber attacks with one singular tactic: totally overwhelm. Typically, this is done by flooding servers with traffic generated by superfluous, false requests in order to overload a system, subduing some or all legitimate requests.
The endgame for DoS hackers isn’t to steal data, but rather to shut down business operations, as demonstrated in February of 2020 when a hacker came for Amazon Web Services in the largest, publicly disclosed data breach to date that measured 2.3 terabytes per second. In this instance, the hacker opted for a DDoS attack, or distributed denial of service, which allows multiple devices to be breached simultaneously.
DNS spoofing happens when hackers send online traffic to a “spoofed” or falsified website that replicates a user’s desired destination, like a login page for a bank or social media account. That information, of course, is submitted to hackers sitting at the other end of the fabricated site linked to a fraudulent IP address. 
These incidents can be used to sabotage companies by redirecting visitors to a low-grade site with obscene content or to simply pull pranks. In 2015, a group of hackers identified only as “Lizard Squad” detoured Malaysia Airlines website traffic. The new homepage showed an image of a plane with the text “404 – Plane Not Found” imposed over it, in reference to controversy around Flight 370, which went missing the year prior. No data was stolen or compromised during the attack but custody of the site was frozen for several hours. 
Even the most widely trusted protocols, like the domain name system, can be subverted by hackers. DNS acts as a phonebook for the internet, helping to translate between IP addresses and domain names. Through tunneling, also referred to as hijacking or poisoning, malicious domains or servers sneak traffic past a network’s firewall to perform data exfiltration.
DNS tunneling attacks are especially hazardous as they often go undetected for an extended period of time during which cybercriminals can steal sensitive data, change code and install new access points or malware. 
Nearly three-quarters of organizations suffered a DNS attack in 2021, according to a study of 302 security professionals by the Neustar International Security Council, a group of cybersecurity leaders across key industries and companies.
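One way a defender can look for the tunneling described above in resolver logs, as an added example that is not part of the original article: it flags parent domains that receive many distinct long, random-looking subdomain labels. The log lines, the thresholds and the `exfil.example` domain are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log, one "<client> <query name>" per line (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 mail.example.com
10.0.0.8 static-assets-production-eu.example.org
10.0.0.7 k3j9x2m7q1w8z5v4b6n0.exfil.example
10.0.0.7 p0o9i8u7y6t5r4e3w2q1.exfil.example
10.0.0.7 z1x2c3v4b5n6m7a8s9d0.exfil.example
10.0.0.7 h5g4f3d2s1a0l9k8j7q6.exfil.example
"""

def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than hostnames."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def find_tunnel_suspects(log_text, min_labels=4, min_len=20, min_entropy=3.5):
    """Return {parent domain: count of distinct long, random-looking subdomains}."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue  # skip malformed lines
        labels = fields[1].lower().rstrip(".").split(".")
        if len(labels) < 3:
            continue  # no subdomain that could carry data
        # Assumption: the registered domain is the last two labels; production
        # code should consult the Public Suffix List instead.
        parent = ".".join(labels[-2:])
        seen[parent].add("".join(labels[:-2]))
    suspects = {}
    for parent, subs in seen.items():
        odd = [s for s in subs if len(s) >= min_len and shannon_entropy(s) >= min_entropy]
        # One long label is common (CDNs); many distinct ones under a single
        # parent is the pattern that tunnelled data produces.
        if len(odd) >= min_labels:
            suspects[parent] = len(odd)
    return suspects

if __name__ == "__main__":
    print(find_tunnel_suspects(SAMPLE_LOG))
```

The single long CDN-style label under `example.org` is not reported, because the check requires several distinct suspicious labels under one parent domain.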
Most cyber attacks require interaction from a user — like clicking on a link or downloading an attachment. Drive-by downloads do not. They can infect unsuspecting users while browsing corrupted websites or engaging with deceptive pop-up windows.
As the title suggests, insider threats are cybersecurity risks that originate from within an organization. These are committed by an agitated party — oftentimes a current or former employee, contractor or vendor — who misuses legitimate credentials to leak, steal or distribute internal information.
For example, at the start of the COVID-19 pandemic, a disgruntled former staff member of a medical device packaging company used his administrator access to alter over 100,000 company records. 
The average cost of insider threats rose from $11.45 million in 2019 to $15.30 million in 2021.
This type of cyber attack takes on the nature of a DoS or DDoS attack that hijacks domestic, internet-connected devices such as smart speakers, TVs or tech toys to assist in data theft. Gadgets that fit within the Internet of Things usually don’t have antivirus software installed, making them easy targets for hackers. 
In some instances, hackers turn entire armies of devices — dubbed botnets — against their users. Alexa, Ring doorbells and even smart fridges can be loaded with malware in one fell swoop, indicated by sluggish, zombie-like defects in performance.
When an uninvited third party puppeteers communication between two private parties — say, by using a public WiFi network — this is known as a man-in-the-middle attack. 
In this example, messages between two parties are intercepted and manipulated to fit the motive of a hacker, who is pretending to play each respective role. Meanwhile, the mutual parties are unaware that their conversation is being tampered with.
Investigators at Check Point Research uncovered the “ultimate” MITM heist in 2019, when hackers diverted $1 million in venture capital funding intended for an Israeli startup to an attacker-controlled bank account in an elaborate wire transfer email scam. 
Perhaps the most direct of attempts, password cracking is the process of recovering passwords through various techniques. 
Often featured as a collection of tools, rootkits are a type of malware that deeply embed in an operating system upon installation. This can only be achieved after unauthorized access is gained, through means of password cracking or phishing. 
Rootkits allow total administrative control over a device or system. This makes them difficult to detect as all evidence of their intrusion can be covered up, while the hacker now holds privileged access. All antivirus efforts may be subverted by the overriding malware, making rootkits nearly impossible to expunge. 
Also known as cookie-hijacking or cookie side-jacking, session hijacking is a type of MITM attack that occurs when a hacker takes over a session between a client and the server while they are logged in. This is done by swapping out the attacker’s IP address for that of the client, which will continue to access the server without requiring authentication.
Structured query language refers to a domain-specific standard that supports most websites. Attackers use SQL injection techniques to gain unauthorized access to a web application’s database by adding strings of malicious code in an effort to trick the database.
The intention here is to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, transfer administrative authority of the database server and expose, destroy or disqualify data.
URL manipulation, or rewriting, refers to the process of altering the parameters of a URL to redirect a victim to a phishing site or download malware. This tactic can piggyback off of current content management trends.
For example, many administrators trim URLs for user convenience. Hackers can easily “poison” a shortened URL, copying its likeness and redirecting users to a phishing trap.  Cyber criminals can also guess common URL formats — by adding “/admin” or “/.bak” to the end of a site — to hack into the backend of a server.
Zero-day exploits occur when bad actors find vulnerabilities in freshly launched software or networks and exploit the bugs before the unaware manufacturer can patch them. Primarily, the goal is to steal data or cause damage. 
Microsoft, Google and Apple all had to patch zero-day bugs in the first few months of 2022. 
Researchers discovered one of the most dangerous zero-day vulnerabilities late last year in Log4J — a Java-based utility that is ubiquitous across consumer and enterprise systems from Apple’s iCloud to Amazon, leaving much of the internet at risk.
Individuals, governments and companies — it can happen to anyone. Here are the top five cyber attacks of this year. 
In possibly the biggest social engineering attack to date, scammers sent phishing emails to Google and Facebook employees that extorted $100 million from the tech giants over a two-year period. Messages that included invoices for goods and services — which were genuinely provided by the manufacturer — filed payment via direct deposit into a fraudulent account. 
In 2019, a Lithuanian national, Evaldas Rimasauskas, pleaded guilty to the wire fraud theft, where he set up fake accounts that impersonated manufacturers under Google and Facebook and bank accounts in the company’s name.
A sophisticated phishing attack that impersonated the U.S. Department of Labor to steal Office 365 credentials has made headlines as a landmark for how convincing phishing attempts have become.
The January attack used two methods to impersonate the Department of Labor’s email address — spoofing the actual email domain (“[email protected][.]gov”) and buying look-alike domains (“dol-gov[.]com” and “dol-gov[.]us”) — which went undetected by security gateways.
Additionally, the emails were professionally written, stamped with official government branding and invited recipients to bid on a government project; they contained malicious links and attachments.
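A mail-filter style check for the look-alike domains described above, as an added example that is not from the original article or from any vendor's product. The sender addresses, the function names and the allowlist parameter are assumptions made for illustration; only `dol.gov`, `dol-gov[.]com` and `dol-gov[.]us` come from the text.

```python
import re

PROTECTED = "dol.gov"  # the impersonated domain named in the article

def edit_distance(a, b):
    """Levenshtein distance, row-by-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def squash(name):
    """Drop dots, hyphens and other punctuation: 'dol-gov' -> 'dolgov'."""
    return re.sub(r"[^a-z0-9]", "", name)

def classify(domain, protected=PROTECTED, allow=()):
    d = domain.lower().replace("[.]", ".").rstrip(".")  # accept defanged input
    if d == protected or d.endswith("." + protected):
        # String match only. A forged From header passes this test, which is
        # why SPF, DKIM and DMARC results must be checked separately.
        return "exact"
    if d in allow:
        return "allowlisted"
    # Brand re-spelled under another TLD or used as a subdomain: dol-gov.com
    if squash(protected) in squash(d.rsplit(".", 1)[0]):
        return "lookalike"
    # Single-character typo. Short names have real neighbours, so keep an
    # allowlist of known-good domains that sit one edit away.
    if edit_distance(d, protected) <= 1:
        return "lookalike"
    return "unrelated"

def triage(addresses, **kw):
    """Map each From address to the verdict for its domain."""
    return {a: classify(a.rsplit("@", 1)[-1], **kw) for a in addresses}

# Constructed sender addresses; dol.gov and the two dol-gov domains are the
# article's, the rest are made up for the example.
SAMPLE = ["notice@dol.gov", "bids@dol-gov[.]com", "bids@dol-gov[.]us",
          "alerts@d0l.gov", "news@example.org"]

if __name__ == "__main__":
    for addr, verdict in triage(SAMPLE).items():
        print(f"{verdict:10} {addr}")
```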
Ukrainian government agencies and non-governmental organizations have dealt with Russian cyber tactics for years, like blackouts, election interference, data breaches and destructive malware on servers across the country. 
Then, as the controversy of war began to manifest in February, Microsoft warned of a new spear phishing campaign by a Russian hacking group, Gamaredon. According to Microsoft’s findings, the group had allegedly been targeting “organizations critical to emergency response and ensuring the security of Ukrainian territory” since 2021.
Ukraine has since formed a volunteer “IT Army,” fixed on mounting DDoS attacks, while hacktivists from around the world have taken digital arms to aid Ukraine in the conflict. As a result, Russia has suffered data breaches and service disruptions at “an unprecedented scale,” reports Matt Burgess for The Wired.
Two million Americans may have been compromised from a data breach — including names, social security numbers, birth dates, addresses, billing information and medical information — in June after attackers targeted a Massachusetts service provider, Shields Health Care Group, throughout March. 
Moving south, Baptist Health System and Resolute Health Hospital in Texas announced a similar breach three months later. Both Kaiser Permanente and Yuma Regional Medical Center in Arizona also disclosed data breaches in June, affecting a combined 770,000 patients.
Rapid expansion of the cryptocurrency ecosystem has come with steep losses. 
At the end of March, North Korean hackers known as the Lazarus Group used hacked private keys to steal decentralized finance (or DeFi) assets, valued at $625 million at the time, of Ethereum and USDC stablecoin from the popular blockchain Ronin.
This came after another group exploited vulnerabilities in the bridge of another platform, Wormhole, for $320 million worth of its Ethereum variant. Later, attackers targeted the stablecoin protocol Beanstalk, granting themselves a “flash loan” to steal about $182 million in cryptocurrency in April.
According to the REKT Database, the world’s first database of DeFi scams, hacks and exploits, DeFi protocols have lost $4.75 billion in total due to scams, hacks and exploits since inception, with only $1 billion successfully recovered.
Because you can never be too safe, here are some best practices to consider when taking preventative action against cyber criminals:

