Unveiling the top hacking methods across industries

Last year, more than half of UK businesses fell victim to cybercriminals and bad actors. The pandora’s box of cybercrime is open, as the worldwide economic impact of cybercrime reached up to US$45 billion in 2018, according to the Internet Society’s Online Trust Alliance (OTA).

In light of cyberattacks globally and across industries, Specops Software released a report with a breakdown of how the nature of cybercrime can change across industries.

Research comprised interviews with more than 1,700 respondents from a range of sectors, and whether their companies had fallen victim to any cyberattacks in the past five years. Respondents were asked about the types of attacks they were subject to, the list including phishing, clickjacking, malware attacks, Man-in-the-Middle (MITM), and Denial of Service (DDOS) attacks. 

Industry-specific cyberattacks 

One of the most common techniques across various industries is phishing (71 percent). Phishing is often used to steal valuable data such as a user’s credit card details or login credentials. Cybercriminals will style malicious websites to look like legitimate pages, where users will key in sensitive information unknowingly. 

Besides that, clickjacking—a malicious technique that tricks users into clicking an invisible or disguised element on the website to perform unintended acts. This form of hacking accounts for 66 percent of attacks in the education domain.

In addition, the severity of attacks in the healthcare system has led the US Department of Health and Human Services to release a warning on the dangers of HTTPS interception products designed to inspect network traffic for malware. The installation of HTTPS inspection products indicated a downgraded security system and placed many healthcare systems at high risk of MITM attacks. 

Succesful MITM attacks (62 percent) have caused the healthcare industry immense loss of funds, credibility but essentially, patient’s healthcare records and payment details. Besides stealing data, MITM actors would inject malicious codes into systems or alter sensitive information in patient records. 

In addition to that, hackers are adept at taking advance of unsuspecting victims, as seen in waterhole attacks. The advertising and media companies indicated that waterhole attacks happened most frequently (59 percent). 

In terms of the technical service industry, 58 percent experienced a DDoS attack in which hackers attempt to prevent legitimate users from accessing services. Whereas, macro malware hidden in documents and distributed to a large pool of unsuspecting users is a common method used in the finance and legal sector (51 percent). 

Furthermore, burrowing malware is used to infect and harvest data in government and hospitality sectors. With 37 percent of burrowing malware cases reported by government bodies and 44 percent in the retail/hospitality industry, employees need to be wary of the dangers in opening documents injected with malicious intent. 

Based on IBM’s Cost of a Data Breach report, the average cost of a data breach is USD$3.92 million and the US ranked as the country with the most expensive average cost of a data breach—US$8.19 million. 

In this regard, a robust cybersecurity system may save companies from a million-dollar compensation check, but there are some golden practices that can make a big difference as well. 

Cybersecurity expert Darren James shared several; diligent and frequent updates of antivirus software, early detection and report of unusual activities and, lastly, refrain from opening documents or clicking on links when in doubt.