Welcome to our first cybersecurity report. Every Friday, we will provide you with a review of the most relevant cybersecurity events.
This week, we are addressing the latest figures regarding both consumers and businesses’ financial loss, as well as two attacks which made the headlines over the past few days.
Cyber Attacks are becoming more financially damaging
This week, the White House released a report on the impact of cyber-attacks on the US economy. The report based its analysis on the financial damages of the year 2016, estimated between $57 billion and $109 billion in 2016. Those numbers highlight the need for stronger security measures across all sectors and organizations, as the impact on one target can easily impact a large number of other actors. This is what we can expect from an attack such as the one recently announced by the Russian Central Bank. Last year, hackers took control of a computer to transfer 339.5 million roubles ($6 million), using the SWIFT payment messaging system. No more information has been released yet on the author of the digital heist, nor on further consequences.
On the consumer perspective, Norton released its annual report, stating last year, 44% of consumers were impacted by malicious activities, with an average cost of $142 per victim. More than 6 million Australians are said to have been victims of cybercrime, 3.43 million people in the Netherlands. The report also presents a portrait of the victims, with two of the characteristics related to a lack of awareness and respect of basic security measures. For instance, 22% of them used one common password across all of their online accounts. In total last year, $600 billion was lost last year, according to McAfee and the Center for Strategic and International Studies.
Hence, all these reports underline a remaining underinvestment in cybersecurity measures from both businesses and consumers, while the number and extent of attacks increase at a much faster pace.
Tax Refunds and Cyber Crime
It is tax refund season in the US, meaning millions of Americans are filling papers with critical information, most of the time through third-party businesses specialized on the matter. A new and growing tax scam uses data stolen from Tax businesses to make taxpayers fill fake tax refund. The fake refund is then transferred to their real bank account before the criminals claim it back. They do so following two different methods using fake IRS agent. They will either claim an error and request a transfer back or will threaten of criminal charges. The IRS has issued several warnings regarding the fraud who already stole from thousands of individuals.
The ‘Telugu Bug’
For several days, a text bomb made Apple devices crashed down. One character from the Telugu language was responsible for it. A simple notification containing the character would freeze the devices making it easy for hackers to hit a large audience. It affected apps such as WhatsApp, Apple messenger, Messenger, Outlook, Gmail, Facebook, and Twitter. Apple has since released a new update (iOS 11.2.6 for iPhone and macOS High Sierra 10.13.3 Supplemental Update for MacBook), correcting the vulnerability.
This week’s news proves again the global and still growing impact of cyber attacks across industries and actors. Both organizations and consumers faced damaging costs last year and the first events of 2018 already confirm the level of urgency of current cyber threats. Last but not least, it is most likely that yesterday’s impacts might still have consequences in the near future.