Picture: 123RF/wbraga
Picture: 123RF/wbraga

Washington — An estimated 2-million cyber attacks in 2018 resulted in more than $45bn in losses as city councils worldwide struggled with ransomware and other malicious incidents.

The Internet Society's Online Trust Alliance, compiling data from the US and international sources, said other important losses came from fraudulent takeover of business e-mail credentials as well as cyptojacking, or hijacking a computer or network, to generate bitcoin or other virtual currency.

According to a study,  cyber criminals are getting more sophisticated in targeting victims, and many attacks could have been averted by improved computer security.

Various security researchers found as many as 6,515 computer breaches and 5-billion records exposed in 2018.

Jeff Wilbur, technical director of the alliance, said estimates in the study reported on Tuesday are conservative as many attacks are not reported.

“The financial impact of cybercrime is up significantly and cyber criminals are becoming more skilled at profiting from their attacks,” Wilbur said.

About $8bn in losses were caused by ransomware attacks, including high-profile incidents on the cities of Atlanta, Georgia, and Baltimore, Maryland that forced the municipalities to rebuild their networks.

While the number of ransomware infects fell an estimated 20%, the financial losses surged 60%, the report said.

Attackers also continued to profit from phishing, e-mail scams that impersonate employees or vendors. This “business e-mail compromise” resulted in $1.3bn in losses in 2018, said the report.

The annual report aggregates data from security firms such as Symantec and Trend Micro, law-enforcement agencies including the FBI, and international organisations.

Among high-profile data breaches were the 1.1-billion records of Aadhaar, India’s national ID database, and the attack on the Marriott-Starwood hotel chain, which affected 383-million people.

Wilbur said that while some incidents show growing skills of attackers, the methods remained consistent over the years, generally tricking people to  respond or click. "The way they get in continues to be relatively constant,” he said.

“You hear about super-sophisticated attacks, and for the most part they are not that sophisticated. For the most part they could have been prevented.”