An estimated two million cyberattacks last year resulted in more than $45 billion in losses worldwide as local governments struggled to cope with ransomware and other malicious incidents, a study showed on Tuesday.
The Internet Society’s Online Trust Alliance, compiling data from the US and some international sources, said other important losses came from fraudulently taking over business email credentials as well as “cryptojacking” or hijacking a computer or network to generate bitcoin or other virtual currency.
The report suggested cyber criminals are getting more sophisticated in targeting their victims, but also noted many attacks could have been prevented with improved computer security.
Various security researchers found as many as 6,515 computer breaches and five billion records exposed last year.
Jeff Wilbur, technical director of the alliance, said the report’s estimates are conservative because many attacks are not reported.
“The financial impact of cybercrime is up significantly and cyber criminals are becoming more skilled at profiting from their attacks,” Wilbur said.
Some $8 billion in losses came as the result of ransomware attacks, including high-profile incidents targeting the cities of Atlanta, Georgia, and Baltimore, Maryland, that forced the municipalities to rebuild their networks.
While the number of ransomware infections fell by an estimated 20 per cent, the financial losses surged by 60 per cent, the report said.
Attackers also continued to profit from a variety of email scams that impersonate employees or vendors, a technique also known as “phishing”.
This so-called “business email compromise” resulted in some $1.3 billion in losses last year, according to the report.
The annual report aggregates data from security firms such as Symantec and Trend Micro, law enforcement agencies including the FBI, and international organisations.
Among the high-profile data breaches was the attack on the Marriott/Starwood hotel chain which impacted 383 million people.
Wilbur said that while some incidents show growing skills of attackers, the methods have been consistent over the years – generally inducing someone to respond or click on false pretences.
“The way they get in continues to be relatively constant,” he said.
“You hear about super-sophisticated attacks and for the most part they are not that sophisticated. For the most part they could have been prevented.”