- Author|ESafe
- Source|Baijiahao
- Release time|2021-01-22
According to a leading non-profit organization, the number of publicly reported data breaches in the U.S. decreased by 19% in 2020, due to attackers shifting from large-scale theft of customer data to more profitable strategies, such as the use of ransomware.
The Identity Theft Resource Center (ITRC) compiled the 2020 annual report based on company announcements, mainstream news reports, government agency reports, and information and data from cybersecurity companies and researchers.
The report recorded a total of 1,108 cybersecurity incidents, a decrease of nearly one-fifth from 2019, and nearly 301 million people were affected. This data is also down 66% from 2019.
Further analysis showed that among the 1,108 network security incidents, there were 1,001 violations and 107 data breaches. These data are often caused by the misconfiguration of the cloud server.
ITRC claims that statistics show that cybercriminals are being attracted by ransomware and targeted e-mail attacks, using previously stolen login names and phishing tactics instead of massively stealing personal data.
"Ransomware and phishing require lower input from the attacker. Most ransomware and phishing software are automated, and the revenue generated is much higher than the theft of personal accounts," ITRC continued. "The revenue generated by a ransomware attack in a few minutes is equivalent to the revenue generated by hundreds of personal identity thefts in months or years."
According to Coveware, in fact, the average ransomware payment in the fourth quarter of 2020 was US$233,000, compared to only US$10,000 in the third quarter of 2018.
Phishing can also help attackers obtain considerable commercial email compromise (BEC) profits. BEC’s total losses in 2019 reached US$1.8 billion, accounting for half of all cybercrime losses reported to the FBI.
In terms of actual damage, in 2020, ITRC recorded 878 cyber attacks, the most of which were used for phishing/phishing and BEC, accounting for 44%, followed by ransomware, accounting for 18%.
However, ITRC CEO Eva Velasquez warned that despite the macro trend, the vulnerability problem will not disappear, and hundreds of millions of consumers are still affected by the vulnerability.
The news of vulnerability attacks reported in 2020 has received weaker attention due to the increasing popularity of supply chain attacks, and more users may actually be affected.
For example, last year's ransomware attack on Blackbaud affected 475 corporate customers, resulting in the disclosure of information for 11 million people. Velasquez said: “Cybercriminals just changed their attack strategy and found a new way to attack businesses and consumers.” “It is vital that we adjust our practices and transfer resources to lead threats. One step."