How Cybercrime has Grown in the last decade

By Luke Smits - Founder & Operations Manager
A cybercriminal attacking a system

Over the past decade, the world has seen a dramatic increase in the frequency and sophistication of cybercrime. With the widespread use of technology and the ever-increasing amount of data stored online, cybercriminals have found new and creative ways to exploit vulnerabilities in computer systems and networks, causing significant financial losses, reputational damage, and even putting people's lives at risk.

In this blog post, we’re going to highlight how cybercrime has grown in the last decade, the new threats that have emerged, and what individuals and organizations can do to protect themselves in the face of this growing threat.

The largest Cyberattacks of the last decade

Australia has seen some huge cyber attacks in the last few years and we have written a post about how Australia ranks for cyber security. But, even some of our largest hacks pale in size to some of the cyber attacks that have happened in the US this decade.

Here is a list of the most famous (and some of the largest) data breaches in the last decade (technically we have given it 11 years to include some large ones that happened in 2012).

10 – Equifax. Back in 2017 the personal information of 147 million people was stolen from Equifax. This data was particularly sensitive as it included very personal information such as full names, emails, DOBs and security questions.

9 – JPMorgan Chase. In 2014 JP Morgan Chase had 76 million homes and 7 million business users’ data stolen including names, addresses, phone numbers and emails.

8 – Anthem. This large health care insurer had around 80 million users’ accounts breached affecting multiple brands, both employees and customers including names, social security information, DOBs and addresses.

6 – Dropbox – The Dropbox data breach in 2012 affected 68 million Dropbox users.

The breach occurred when hackers gained access to Dropbox's user database, which contained the usernames and passwords of approximately those Dropbox users. The attackers reportedly used stolen employee credentials to gain access to the Dropbox network and then used a flaw in Dropbox's security system to access the user database.

7 – eBay – In 2014, eBay announced that it had been the victim of a cyber attack that compromised the personal data of 145 million users. The attack was initiated through stolen employee login credentials and lasted for several months before it was detected by eBay's security team.

5 – Sony Pictures –This hack of 145 million user accounts was made famous because it targeted the movie studio's computer systems, resulting in the theft and leak of confidential information.

The hackers gained exploited a vulnerability in their network security, allowing them to steal and leak sensitive information such as employee salaries, personal emails, and unreleased movies. The attackers also demanded that Sony cancel the release of the movie "The Interview," which depicted the assassination of North Korean leader Kim Jong-un. In response, Sony Pictures initially pulled the release of the movie but later made it available online.

The attack resulted in significant financial losses and reputational damage for Sony Pictures. It also raised concerns about cybersecurity and the potential for state-sponsored hacking attacks on private companies.

4 – Target – Attackers gained access to Target's computer systems by using stolen credentials from one of Target's third-party vendors. Once inside the network, the attackers were able to install malware on Target's point-of-sale (POS) systems, which allowed them to steal credit and debit card information in real-time as customers made purchases, affecting around 70 million customers.

3 – Linkedin – The attackers were able to exploit a vulnerability in LinkedIn's security infrastructure to gain access to the user database. Once inside, they were able to steal the email addresses and encrypted passwords of more than 167 million LinkedIn users. The passwords were encrypted using the SHA-1 algorithm, which is now considered to be insecure.

The attackers used a combination of brute-force attacks and password dictionaries to crack the encrypted passwords, which they then sold on the dark web. The stolen data was later used in phishing attacks and other forms of cybercrime.

2 – Marriot Hotels – Considered to be one of the largest data breaches in history, with the personal information of approximately 500 million guests compromised.

The breach was discovered in September 2018, and it was revealed that unauthorized access to the Starwood guest reservation system had been ongoing since 2014. The attackers were able to steal personal information such as names, addresses, phone numbers, email addresses, passport numbers, and in some cases, credit card information of millions of guests.

Marriott International attributed the breach to a state-sponsored cyber attack, but the identity of the attackers remains unknown.

1 – Yahoo. The winner, or loser, however you see it, was Yahoo who had data breaches in both 2013 and 2014 where all 3 billion (yes, billion with a ‘B’) users were stolen, including names, emails, DOBs and security questions.

While these may appear to be US-based businesses, and they are, their effects were felt worldwide. They’re also a reminder that it doesn’t matter how big your company, everyone is vulnerable to cybercrime.

How cybercrime has changed in the last decade

Aside from the above, here are some other big names that have been publicly affected by cybercrime:

  • Toys R Us
  • Optus
  • Uber
  • Adobe
  • Capital One
  • Twitter
  • SolarWinds
  • ANU
  • Medicare
  • Australian Red Cross Blood Service
  • Comm Bank
  • Federal Parliament

It’s going to flip soon and become easier to list who hasn’t been hacked.

A decade ago larger businesses and nation-state systems were in the cross hairs, with traditional attacks such as phishing and malware but the rise and prevalence of ransomware and supply chain attacks means that any unsecured network and valuable data is now a target.

There has been growth in cybercrime associated with commodity malware such as Zeus and password stealers and with the Cryptocurrency industry came the widespread targeting of cryptocurrency platforms – aka ‘cryptojacking’. 

Cybercriminals are becoming increasingly sophisticated in their methods, using advanced tools and techniques to target their victims. This includes the use of advanced malware, social engineering tactics, and other techniques that can evade detection by traditional security measures.

This has made Cybercrime increasingly costly, with estimates suggesting that the global cost of cybercrime could reach $10.5 trillion annually by 2025. This includes the cost of lost data, business disruption, and damage to reputation.

How to protect your small business from Cybercrime

We have a great post here on how to protect your small business from cybercrime but essentially it comes down to two branches:

Preparation and defence.

The attacks we have listed above, particularly the Marriott breach that lasted for 4 years are a stark reminder of what can happen when you don’t put security strategies in place. You leave your business open to attack which can be fatal to a small business.

Don’t let that happen to your business. Implement strong security protection for your business.

 

Use these massive and PR-damaging examples as a warning, don’t sit back and leave your business vulnerable to cybercrime.

Have a question about Cyber Security? Get in touch.



« Back to News