Cybercrime caused over $25 billion in damages globally since 2015

According to an analysis by Atlas VPN, cybercrime damages across the world reach $25.4 billion since 2015. Our other research suggest that such numbers could reach $27 billion by 2025.

Newsfeeds around the world have been buzzing with various high-profile cyber incidents for the better part of the decade. Yet, in the vast majority of cases, the actual financial losses incurred by the incident remain unknown. 

The analysis in this report looks at the 100 largest cybercrime incidents from 2015 until the middle of 2020. The data was extracted and provided by Cyentia Institute and F5 Labs.

The report includes most of the largest cybercrime losses in history, like those at Facebook ($5.1B), Experian Plc($2.0B), Equifax Inc. ($1.7B), Merck & Co Inc.($1.3B), FedEx Corp. ($1.0B), Monex Group, Inc.($911M), British Airways Plc($715.1M), Marriot International Inc.($432M), Saint-Gobain($384M), Maersk($300M).

The damages are sorted by the cause of the cyber incident, to clearly show the costliest types of attack types. 

To start with, hacking incidents caused by credential attacks are at the top of the list with $6.4 billion in damages. This is will not surprise those who have been closely monitoring the cyberthreat landscape, as various data leaks throughout the years have provided hackers with millions of credentials to use for credential stuffing attacks.

Credential stuffing is a cyber-attack where fraudsters use large numbers of stolen credentials to log into individuals’ or companies’ accounts. From there, hackers request ransoms or publish the stolen records on the dark web. 

Most of the damages are not caused by the loss of data itself, but by the reputational damage that reduces the company's earnings and stock prices, as in the case of Facebook. 

Next up on the list are backdoor attacks, with damages surpassing $5.6 billion since 2015. Backdoor instructions get around set security measures to gain administrative privileges to a computer or a network within the victim organization.  

Users usually “catch” this type of virus by downloading files from scam websites or by downloading an email attachment from fraudsters. Consumers should stay with trusted download sources, like Google Play Store or Apple App store. Otherwise, they run the risk of installing an application with a hidden gift, which is why these attacks are referred to as trojans.

Third on the list is vulnerability (CVE) exploit hacks, bringing $4.7 billion in losses. CVE, short for Common Vulnerabilities and Exposures, is a list of publicly disclosed computer security flaws. Being publicly disclosed, most of these attacks could have been prevented by simply updating the software.

Spyware ($2.4B), remote admin tool hacks($2.2B), and application exploits($1.8B) all caused billions of dollars in damages. 

By looking at the data provided, enterprises can better understand what types of attacks are costliest. Hopefully, this analysis will allow them to focus on preventing these intrusions. 

Security tips for users 

While most people have read various articles about cybersecurity measures that will protect them from cyber threats, the never-ending wave of cybercrime reveals that rarely do people implement what they read. 

That is why we believe that repetition is necessary when it comes to security practices. We will cover the main tips that will protect users from upwards of 90% of threats on the web.

• Make sure your passwords are strong. Weak passwords are used in brute force attacks. Your password should be one-of-a-kind, long, and difficult to guess. When feasible, combine lowercase and uppercase letters, as well as numbers and other symbols.
• Two-factor authentication (2FA) should be used whenever possible. 2FA adds a second layer of authentication if it is enabled. When you try to log in to your account, you'll be asked to input a unique code that only you have access to. Each login attempt will require further verification, preventing a majority of intrusions from succeeding.
• HaveIBeenPwned.com should be checked on a frequent basis. With more and more data breaches being disclosed, it's worth checking to see if your accounts are secure. 
• Use a virtual private network (VPN). A VPN can improve your overall online security and privacy. VPN hides everything you do online by encrypting your traffic. It safeguards you against a variety of attacks, such as hacking, data or identity theft, surveillance, and more.