The rate of industrial cyber-attacks has grown exponentially, with data breaches in the first half of 2019 alone exposing 4.1 billion records.
Cybercrime has reached such magnitude that if the financial losses were converted into GDP, it would constitute the world’s third-largest economy. Cybersecurity Ventures predicts that the global loss due to online attacks reaches a staggering $6 trillion by 2021 and up to $10.5 trillion annually by 2025.
According to Gartner Research, the ever-expanding worldwide information security market is forecast to reach $170.4 billion in 2022.
The most prevalent types of cyberattacks are phishing, social engineering, whaling, Distributed Denial of Service (DDoS) attacks, malware, and ransomware. While specific industries are more susceptible to particular cyber threats resulting from the industries’ outdated IT infrastructure, especially public healthcare suppliers, specific online industries bear the brunt due to their business models and digital infrastructures.
DDoS, malware, and ransomware are particularly adept at targeting online industries, with 71% of the breaches financially motivated. We’ll touch on the online sectors considered to be prime targets.
Statista forecasts that the global video game market will be worth more than $138 billion by 2021, which led to this online industry becoming the most targeted by cyber attacks.
In addition to the market size, the gaming industry is an attractive target due to its unregulated market of in-game purchases and rare items. Not forgetting that the speed at which technology progresses leaves the sector susceptible to identity and access management challenges, policy violations, misconfigurations, and threats. Furthermore, attackers have identified gamers as a niche demographic with disposable income and a penchant for in-game purchases.
According to cybersecurity leaders Imperva, the relatively security-immature gaming industry accounted for 35.92% of the total DDoS attacks in 2019. Research has found that gaming represents such a large percentage of these particular attacks due to players’ willingness to pursue drastic measures to win.
A 2020 lawsuit brought forward against a purported DDoS-for-Hire service by game developer Ubisoft highlighted an instance where players could use DDoS to win multiplayer online games. This tactic’s reasoning lies in the fact that once a player loses connectivity, the player that remains online is victorious.
DDoS only accounts for a portion of attacks with additional cyber threats such as phishing, malware, and social engineering used to steal gaming accounts and passwords. From here, hackers can sell gaming accounts, game-related artifacts, or trick gamers into launching third-party software entirely unrelated to the game.
2. Online Casinos
The online industry most frequently targeted after gaming is the online gambling industry. This industry boasts a 2020 market size of $59 billion and is primarily technology-driven, with new advances rapidly integrated into online casino platforms to outperform rival online casino operators.
Compared with gaming, online casinos have faced significant industrial cyber attacks over the years. Still, they have come out on top due to the industry’s maturity and acknowledging the dramatic repercussions a successful attack could pose. The industry has taken heed of any potential cyber risks and acted accordingly to safeguard its platforms. The introduction of cryptocurrency as a form of payment further protects players’ identities and personal information as blockchains are virtually impossible to hack.
Successful cyberattacks are far and few between, although SBTech, an iGaming, reported a ransomware attack in March 2020. The company shut down its global data centers for more than 72 hours, leaving its customers without consumer-facing websites. The company successfully prevented any data breaches despite the attack with zero data compromised.
Fortunately, online casinos employ stringent safety protocols and incorporate sophisticated bank-grade encryption to keep players’ personal and financial details secure. DDoS attacks are frequent, with the online casino industry experiencing 32.25% of the global DDoS attacks in 2019, but most online casinos have reacted to this threat by implementing Cloudflare DDos Protection.
Online casinos approved and reviewed by industry regulators have the know-how and high-tech to safely deal with these attacks.
3. Computers and internet
Cloud services have come under severe threat, with research from DivvyCloud indicating that data breaches that resulted from cloud misconfiguration costing businesses nearly $3.18 trillion in 2019.
A Trustwave Global Security Report released in 2020 detailed that the volume of attacks on cloud services more than doubled (a 250% spike) from mid-2019 to mid-2020.
Before 2019 the main reasons for server hacks were to exfiltrate sensitive corporate information, set up DDoS infrastructure, or other cybercrime variances. Investigations detailed in Aqua’s 2020 Cloud-Native Threat Report have revealed that the vast majority of recent attacks on cloud servers aim to mine crypto by taking control of the servers by planting malware that hackers upload to public registries.
Taking control of cloud services has become so competitive that malware now incorporates complex techniques that effectively disable rival malware on the same hacked system.
According to Deloitte’s 2020 annual forecast, E-commerce holiday sales would reach $196 billion in the festive season, resulting in a 35% increase year on year. The incredible revenue naturally attracts hackers that have pivoted from outdated POS (Point of Sale) malware to web-skimming.
IBM’s X-Force Exchange, a threat intelligence platform, indicates that e-commerce threats have increased fourfold since 2018. The vast majority of the online threats now originate from seven to 12 groups collectively referred to as Magecart, with the term synonymous with web-skimming.
According to RiskIQ, a Leader in Attack Surface Management, an average of 425 Magecart incidents occurred every month in 2020.
5. Cryptocurrency Exchanges
Cryptocurrency exchanges and startups are high-value targets for industrial cyber attacks. Successful breaches can result in massive financial losses from cryptocurrency and user database theft.
Hacker access to user databases is exceptionally problematic for investors as exchanges store large user databases containing sensitive personal information, including user-submitted documents used to verify their identity with crypto exchanges. These documents often take the form of government-issued ID, selfie, or proof of address, which could put investors at risk of targeted attacks and identity theft.
Cryptocurrency exchanges suffered massive losses in the last two years, with $170 million stolen from Italian-based Nano in 2018. The same year, a Korean crypto exchange Coinrail reported losses of over $40M in tokens following a hack.
The popular crypto exchange, Binance, reported a loss of more than $40 million in bitcoin after a well-orchestrated hack in 2019.
In 2020 Harvest Finance lost $24 million after a hack, while a cyberattacker stole roughly $150 million in crypto stored in hot wallets from KuCoin.
Cybersecurity issues are becoming an everyday concern for online industries. Recent studies and cybersecurity reports detail an exponential increase in data breaches and online attacks from various sources, with these attacks accounting for billions in global financial loss.
Additionally, research suggests that a vast majority of online industries are poorly-equipped to handle the constant onslaught of attacks in an ever-changing technological arena, with many companies maintaining poor cybersecurity practices and unprotected data at severe risk of breaches.
As mentioned, numerous online industries have suffered colossal losses due to ineffectual security precautions, with company cultures forced to incorporate prevention and security best practices for fear of further repercussions. However, the fight is far from over as hackers continually change their strategies and target industries ill-equipped to defend their assets.
Fortunately, many high-risk online industries refuse to succumb to any type of cyberattacks and invest vast amounts of time and resources in safeguarding their platforms and data, which bodes well for its users and investors.