Colonial Pipeline. Microsoft Exchange. SolarWinds. More and more companies in the U.S. and around the world fall prey to cyberattackers, a trend driven in part by the proliferation of internet-connected devices and the low barriers to entry for would-be hackers, since ransomware and other types of malicious software are available for sale on the dark web.
In addition, the pandemic has facilitated hackers’ efforts, as employees have transitioned to working from their homes, which tend to be less secure than the office, and spend more time than ever on the internet. So-called “phishing” is one of the most frequently used mechanisms for hackers to deliver their attacks, usually through emails laced with malicious code in attachments or links.
Among the preferred types of attack for threat actors is now ransomware—a type of malware that attackers use to lock up files—according to a recent report by the Identity Theft Resource Center. Ransomware can generate big payouts, as the Colonial Pipeline incident earlier this month showed. On the other hand, cybercrimes where hackers exfiltrate an entire database they hope they can later sell declined 19% in 2020 compared with the year before, according to ITRC.
But it’s not just criminal hackers. In the last year, hacking teams tied to nation-states have attempted to breach vaccine makers, government agencies, even cybersecurity companies.
Most hacking attempts fail, and some that succeed are relatively minor. But some hacks have exposed personally identifiable information of billions of individuals and caused major financial pain to tech, healthcare and retail giants. Bloomberg News gathers and analyzes data on major cyberattacks that expose 1 million records or more. Since January 2020, 58 corporate, government and non-profit organizations have experienced such breaches, which exposed 774 million records. Over the course of more than a decade, the tally exceeds 11 billion records across almost 335 entities.