A study using data from the Center for Strategic and International Studies (CSIS) looked at how cyberattacks are distributed across the globe and the most common techniques used in cyberattacks.
Large-scale cyberattacks usually have one of two targets: companies or governments. This is where bad actors looked to either inflict the most damage or to compromise systems and ask for ransom. Their purpose is rarely a secret, and it’s not difficult to quantify their impact.
Researchers from Specops Software took the data provided by CSIS and compiled a list of the most affected countries. In this case, for a cyberattack to be taken into consideration, it needed to inflict losses of at least $1 million. The figure might seem high, but it’s actually not, if you consider the targets.
As was to be expected, the United States registered the highest number of cyberattacks, at 156, between May 2006 and June 2020. Even if they’re spread across 14 years, 2018 saw the most significant wave, with 30 cyber-attacks in a single year.
“One of the USA’s most recent breaches, in May 2020, was brought to light by the National Security Agency (NSA), who found that Russian hackers were exploiting a bug in a commonly used email server to infiltrate sensitive data from American organizations,” say the researchers.
The United Kingdom saw the second-highest number of attacks, at 47, including a large-scale cyberattack against the Labour Party’s digital platforms during the 2019 general election.
India is the third worst-hit country, with 23 attacks, followed by Germany with 21. The total worldwide sits at 430 attacks in the past 14 years. And this is if we only count the ones that registered at least $1 million in losses.
As for the preferred methods, DDoS remains the preferred technique, mostly because numerous services offering large DoS capabilities have surfaced in the past few years.
Other preferred techniques include SQL injection, man-in-the-middle (MitM) and phishing attacks. Of course, these are not the only ways that bad actors compromise an organization, and companies always have to be on the lookout for the next threat.