Cybercriminals more skilled in 2018, businesses vulnerable, report finds

The huge increase comes despite the fact that overall breaches and exposed records were down in 2018, said the alliance report, which identifies and promotes security and privacy best practices that build consumer confidence in the internet,
The data shows that cybercriminals are getting better at monetising their activities, said the Cyber Incident & Breach Trends Report. OTA estimates that the more than 2 million cyber incidents in 2018 resulted in over $45 billion (Bt1.3 trillion) in losses, with the actual numbers expected to be much higher as many cyber incidents are never reported.
“While it's tempting to celebrate a decreasing number of breaches overall, the findings of our report are grim,” said Jeff Wilbur, technical director of the Internet Society’s Online Trust Alliance. “The financial impact of cybercrime is up significantly and cybercriminals are becoming more skilled at profiting from their attacks. So, while there may be fewer data breaches, the number of cyber incidents and their financial impact is far greater than we’ve seen in the past.”
In the report, OTA noted a steep rise in cyber incidents like supply chain attacks, business email compromise and cryptojacking. Some attack types, such as ransomware, are not new but continue to be lucrative for criminals. Others, such as cryptojacking, show that criminals are shifting their focus to new targets. The top trends from the Cyber Incident & Breach Trends Report include:

- The rise of cryptocurrency breeds new cybercriminals.
In conjunction with the increasing prevalence of cryptocurrency comes the rise of cryptojacking, which tripled in 2018. This is a specific type of attack aimed at hijacking devices to harness computer power at scale to efficiently mine cryptocurrency. OTA believes these incidents are increasingly attractive to criminals as they represent a direct path from infiltration to income, and are difficult to detect. 
- Deceptive email.
Though well-known as an attack vector, business email compromise doubled in 2018, resulting in $1.3 billion in losses as employees were deceived into sending funds or gift cards to attackers who use email to impersonate vendors or executives. 
- Attacks via third parties
Supply chain attacks in which attackers infiltrate via third-party website content, vendors’ software or third-parties’ credentials. Though not new in 2018 (similar past exploits include Target in 2013, CCleaner and Not Petya in 2017), but they continue to proliferate and morph.
- Governments under attack
While the total number of ransomware attacks was down in 2018, the OTA report noted a troubling rise in reported ransomware attacks against state and local governments in 2018 and early 2019.
“Our report findings indicate that cybercriminals are using their infiltration ability to focus on new, more lucrative attacks,” said Wilbur. “Staying up-to-date on the latest security safeguards and best practices is crucial to preventing attacks in the future.”