Daily Management Review

New Report Says Financial Gains The Prime Motivator For Cyber Attacks


New Report Says Financial Gains The Prime Motivator For Cyber Attacks
Financial gains remained the primary motive of hackers conducting cyber attacks since 2019, concluded a recent annual report by Verizon called the Data Breach Investigations Report.
The report was published on the very day that the airlines firm EasyJet said that its servers were hacked and hackers had stolen personal data of about 9 million of the customers of the company which included the credit card details of more than 2,000 customers.
About 86 per cent of all the cyber attacks that took place since 2019 were aimed for making financial gains compared to the same figure being at 71 per cent in the previous year, found the Verizon report. It also noted that many of the cyber attacks were implemented by organized criminal groups.
The report also found that espionage, ideology and so-called "secondary" motivators, which include reasons such as a desire to steal intellectual property or trade secrets were among the other motivators for the attacks.
The report by the company was based on analysis of 32,002 security attempts, as well as 3,905 confirmed breaches  that were reported to authorities by 81 organizations belonging to a wide range of industries all across the world.
"Every year I am surprised by the number (of financially motivated attacks)," Sowmyanarayan Sampath, president of global enterprise for Verizon Business Group, said. "If you look at most of the news that's out there, you see state actors, espionage, trade secrets, but most of these breaches are people wanting to steal money from you."
The report also classified the financially motivated attacks under categories or types which included an intention to conduct direct theft money of a person or a company such as through their bank account, or financial information. Hackers seeking financial gains also intended to conduct theft of information that could be sold - for example on the dark web. The categorization also includes cyber attacks related to ransomware attacks that accounted for 27 per cent of the malware incidents the report analyzed. Anywhere from around $1,000 to hundreds of thousands of dollars could be the cost of such attacks a company.
One of three common issues - credential theft, social attacks such as phishing, and human errors such as writing down a password somewhere where others can see it, was the cause of the majority of breaches — at least 67 per cent. Sampath said that since people have poor "password hygiene" such as using weak passwords or the same password across multiple websites often makes conducting credential theft easy.
"If you have common passwords for many sites, and one site gets exposed and that information is available on the dark web, (bad actors) will go through and try different sites to see what opens up," he said.
Another growing way hackers carry out breaches is hacking is the hacking of web applications, such as online email or remote collaboration systems which has become rampant with the use of growth of cloud computing. According to the report, over the past year, there was a 43 per cent growth in web application attacks.
And currently with so many people working from home and information sharing over the internet more rampant, it is more important for companies to be at even higher levels of alert for potential cybercrime. In order to access company information and servers, remote workers likely use web applications more often which could make such information more likely to be more vulnerable to phishing schemes, which have increased many times in recent weeks, Sampath said.