Articles

Weak Passwords Caused 30% of Ransomware Infections in 2019

Weak passwords caused 30% of Ransomware Attacks in 2019-PreciseSecurity.com

As one of the leading types of cyber-attacks, ransomware is expected to dominate cybercrime in 2020. According to PreciseSecurity.com research, weak passwords were one of the most common cybersecurity vulnerabilities in 2019, causing 30% of ransomware infections in 2019.

Weak Passwords Are the Third Most Common Ransomware Cause Globally

The recent PreciseSecurity.com research revealed that phishing scams caused more than 67% of ransomware infection globally during the last year. Another 36% of Mail Protection Service users reported ransomware attacks caused by the lack of cybersecurity training. Weak passwords were the third most common reason for ransomware infections globally in 2019.

The 30% share in the combined number of ransomware infections during the last years indicates a concerning level of password security awareness. The 2019 Google survey about beliefs and behaviors around online security showed that two in three individuals recycle the same password across multiple accounts. More than 50% admitted using one “favorite” password for the majority of the accounts. Only one-third of respondents knew how to define the password manager.

Only 12 % of US Online Users Take Advantage of Password Managers

The 2019 Statista survey reveals that 64% of US respondents find stolen passwords as the most concerning issue about data privacy. However, such a high level of concern didn’t affect their habits related to keeping track of login information.

According to the findings, 43% of respondents reported that their primary method of keeping track of their most crucial login information was to write it down. Another 45% of respondents named memorizing the login data as their primary method of tracking. At the same time, only 12% of US online users take advantage of password managers.

23.2 Million Victim Accounts Globally Used 123456 as Password

Using hard-to-guess passwords represent the first step in securing sensitive online information. However, according to the UK’s National Cyber Security Centre 2019 survey, password re-use and weak passwords still represent a significant risk for companies and individuals all over the world.

The breach analysis indicated that 23.2 million victim accounts from all parts of the world used 123456 as a password. Another 7.8 million data breach victims chose a 12345678 password. More than 3.5 million people globally picked up the word “password” to protect access to their sensitive information.

 

US Health Data Breaches Rises with 40 Million Affected in 2019 Alone

The United States has experienced a steady increase in the number of data breaches within the healthcare sector. Data gathered by PreciseSecurity.com shows that 40 million Americans were affected by health data breaches in 2019 alone.

This was the highest number recorded since 2015 where more than 113.27 million records were exposed to unauthorized individuals. This was an increase of about 84% from 2014’s 17.4 million exposed health records.

From the high of 2015, there were improvements with breached records dropping only to spike in 2019. Between the four years, 2017 recorded the least breaches at 5.1 million while 2019 breaches rose by 65% from 2018’s 14 million.

The data shows that 2012 was the best with the least number of health breaches. Only 2.8 million records were exposed to represent a drop of about 78% from 2011 which saw 13.1 records being breached.

Cumulatively, health data breaches over the last decade now stand at over 189 million records which equates to more than 59% of the population of the United States.  At the same time, about 41% of Americans have had their protected health information exposed.

More Entities Targeted in Data Breaches

Health data breaches can be costly considering that credit card data, email addresses, social security numbers, employment information and medical history records stolen can be used in many instances like fraud and identity theft.

Across the years, the number of entities involved in healthcare data breaches has also been on the rise. 2019 saw 429 entities involved in data breaches, which the highest in the period under review.

Interestingly, despite 2015 witnessing the highest number of breaches, only 268 entities were involved. This was a drop of 14% from 2014’s 314 entities. From 2015 the entities involved have been rising significantly, bringing to question the level of measures put in place to curb exposure of patient records.

Over the past decade, the least number of entities involved in data breaches was 18 recorded in 2009. Compared to 2019, this is an increase of 411 entities to represent a spike of 95%.

Generally, there have been notable changes that led to the varied number of records being breached. The next question would be, what causes these data breaches? From the data, most of the breaches have been caused by hacking.

Hacking Continues to Dominate Data Breaches

In 2019, over half of the 40 million healthcare data breaches were mainly through hacking at 59%. This was an increase of 16% from 2018’s 43%. The least hackings were recorded in 2014 at 12%. From this period, the rate of hacking has been rising significantly.

Notably, phishing has been the main weapon of use for most hackings. Moving forward, there is a need for healthcare providers to set and roll out simulated phishing programs.

Despite hackings being on the increase, most health facilities are now putting in place measures to curb the loss of data electronically. The low hacking recorded in the previous years can be attributed to the fact that most facilities did not have a means of detecting malware in their systems. Some hackings were even recorded months after taking place.

To curb more breaches, there is a need for entities improving their measures of protecting healthcare records with administrative, physical, and technical controls such as encryption.

Based on the high volume of data breaches, it is clear that the healthcare sector is among the most vulnerable sectors regarding data breaches. If this trend continues, 2020 might witness an increase of between 10-15% in the number of entities breached compared to 2019.

Global Cloud Kitchen Industry to Reach $2.3 Trillion Value by 2026

Global cloud kitchen industry-PreciseSecurity.com

The global online food ordering industry maintains its rapid growth with a CARG of 9.8 % in a year per year time. Also known as “cloud” or “ghost” kitchen, the dark kitchen industry has already produced a tremendous impact on the food and drink market and transformed the business model of many retailers worldwide. The expanding trend will continue in the following years with the US as the leading player globally. According to PreciseSecurity.com research, the global cloud kitchen industry is expected to reach $2.3 trillion value by 2026.

US Cloud Kitchen Market Expected to Generate $972 Billion Revenue by 2026

A dark kitchen is a restaurant that doesn’t provide dine-in or takeaway services to customers. It is primarily virtual and is reliant on food delivery apps, and website portal orders to generate sales.

The 2019 data show this type of food delivery industry in the US generated $336 billion profit. The numbers shouldn’t surprise considering that an average US household spends nearly $3.500 per year on away-from-home meals. According to the surveys, the overall US dark kitchen market revenue is expected to almost triple during the following years, and reach $972 billion value by 2026.

Europe is the Second Largest Dark Kitchen Market Globally

With the entire food delivery industry growing ten times faster than the traditional restaurant market, Europe will end in 2019 as the second-largest dark-kitchen region in the world. The surging popularity of companies like Uber Eats, Deliveroo, and DoorDash, has already encouraged many European restaurants to utilize the dark kitchen to decrease costs, boost revenue and speed-up the food delivery.

Compared with the US market, the European cloud kitchen industry generated 25 percent less profit in 2019 and will end the year with $253 billion in revenue. However, the recent surveys indicate that the overall industry profit is expected to reach $656 billion value over the next six years.

APAC Cloud Kitchen Market to Quadruple in the Next Six Years

Although the US will remain as the leading player on the global dark kitchen market, the APAC region will experience the most significant growth in the following years. That doesn’t surprise considering the culture of eating out which is present in the entire area. The 2019 surveys show that almost 27 percent of the people living in China dined out several times per week during this year, and nearly 19 percent of them did it at least once a week.

The Asia Pacific cloud kitchen market generated $198 billion profit in 2019, which is almost 40 percent less compared to the United States. Still, according to the surveys, the entire APAC cloud kitchen industry is expected to quadruple over the next six years and reach $699 billion value by 2026.

Information Security Technology Market to Reach $151.2 Billion Value by 2023

Information security technology market - PreciseSecurity.com

The growing range of security threats and requirements has forced companies and organizations from all over the world to intensify their investments in new safety solutions. According to PreciseSecurity.com research, the global information security market is expected to report a noticeable upward trend in the following years, resulting in a $151.2 billion revenue by 2023.

Security Services are Driving the Market Growth

The information security technology market includes security-related software, hardware, and services. The recent surveys show that the global market revenue reached $106.6 billion in 2019, which represents a 10.7% increase from the year before. According to the statistics, the entire information security technology market is expected to grow at a CAGR of 9.4% by 2023.

With more than $47 billion in spending in 2019, security services represent the most significant revenue stream. This segment of the market includes managed security services, integration, and consulting services, education, and training. It is expected to have the fastest spending growth with a five-year CAGR of 11.2%. The software was the second-largest revenue source, which generated almost $38 billion profit during the last year. With $21 billion in income in 2019, hardware spending was the third-largest revenue stream.

Banking Market Controls the Largest Security Budget Globally

Compared by markets, the banking industry is expected to spend the most on the security solutions in the following years, followed by discrete manufacturing and the federal government. The 2019 data show that these markets account for almost 30% of total security spending globally, with managed security services as their highest cost. The state and local government, telecommunications and the resource industries are expected to experience the fastest spending growth in the years to come.

With a $21 billion profit in 2019, managed security services were the most lucrative technology category globally, followed by network security hardware, integration services and endpoint security software. According to the statistics, the following years will bring intensified investments in security analytics, intelligence, response, and orchestration software, expected to grow by CAGR of 10.5% by 2023.

WannaCry Virus Was the Most Common Crypto Ransomware Attack in 2019

WannaCry ransomware attack-PreciseSecurity.com

As one of the biggest malware threats, ransomware continues to disturb the business operations and daily lives of internet users all over the world. According to PreciseSecurity.com research, 23.56 % of all encryption ransomware attacks during 2019 had encountered the WannaCry virus, making it the most ordinary type of hack in the last year.

WannaCry Attack Caused $4 Billion Damage Globally

The number of ransomware attacks against government agencies, organizations in the healthcare, energy sectors, and education continues to rise. While some simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware exploits a technique called crypto-viral extortion.

WannaCry targets computers using Microsoft Windows as an operating system. It encrypts data and demands payment of a ransom in the cryptocurrency Bitcoin for its return. According to the estimates, the WannaCry ransomware attack hit around 230.000 computers globally, causing $4 billion in losses all over the world.

Most of the computer users became victims of the WannaCry virus because of not updating their Microsoft Windows. Therefore, updating software and operating system regularly is an essential ransomware protection step.

Tip: If you believe you’ve been affected by the Wannacry attack then read our malware scan and removal guide here.

Spam Emails Caused 67% of All Ransomware Infections in 2019

The 2019 data show that phishing scams were the most common cause of ransomware infection globally during the last year. More than 67% of MSP users reported ransomware attacks caused by spam and phishing emails. According to PreciseSecurity.com research, spam messages made 55 % of global email traffic during the last year, which explains the prevalence of this cause.

With a 36% share in the combined number of ransomware attacks during 2019, the lack of cybersecurity training was the second most common cause. Weak passwords led to another 30% of hacks. Poor user practices caused one-quarter of all ransomware attacks. Other ordinary reasons included malicious websites and clickbait.

 

Chrome for Android was the Most Popular Web Browser in 2019

Chrome for Android - PreciseSecurity.com

Billions of internet users globally are constantly searching for a faster and securer way to get online. According to PreciseSecurity.com research, the leading web browser globally as of December 2019 is Google’s Chrome for Android, which hit a 33% market share in the last year.

Asia is the Leading Region in Google Chrome Usage

Throughout the years, Google has firmly placed itself as the dominant player on the web. Besides managing the world’s most used search engine and web browser, the company also owns the most popular email service Gmail, and Google Maps as the most used GPS mapping system globally.

The recent surveys show that Chrome 78.0 was the second most popular browser in 2019, with 23.71 % market share, while Safari iPhone ranked third. Compared by the region, Asia took first place on the global Google Chrome usage list. Chrome for Android, as the most used browser in the area, marked a 44 % market share during the last year. With a 19.79 % share of the market, Chrome 78.0 ranked second, while Safari iPhone was the third most used browser in the Asian market in 2019.

Google Chrome for Android and Chrome 78.0 hold more than 50 % of the European market, as well. Only the North American region ended the year with a slightly different ranking. The statistics show that the most popular North American web browser in 2019 was Chrome 78.0, which marked a 22.67 % market share. The second most used web browser was Safari iPhone, which reported a 1.14 % higher market share than Chrome for Android.

Firefox and Internet Explorer Marked a Huge Decrease in Market Share

The recent surveys show that Internet Explorer and Firefox have experienced massively reduced market share in previous years. One of the reasons for that is the expanding influence of Google Chrome. The other one is increased competition entering the global browser market. The statistics show that Firefox’s market share dropped down to 3.15 % at the end of 2019. The Internet Explorer ended the year with a 1.47 % share in the global web-browser market.

 

More than 30% of North Americans Used Dark Web Regularly in 2019

Dark web usage in 2019-PreciseSecurity.com

Regardless of its predominantly negative connotation, the increasing number of people have started using the dark web to keep their online activity hidden. According to PreciseSecurity.com research, North America is the most active region globally in this part of the internet. More than 30 percent of North Americans have used the deep web regularly during 2019.

North America is the Leading Region in Daily Usage of Dark Web

The dark web represents a network of untraceable online activity and websites on the internet that cannot be found using search engines. Accessing them depends upon specific software, configurations, or authorization. The 2019 survey showed that North America is the leading region in daily usage of the dark web.


The statistics indicate that 26 percent of North Americans admitted using the dark web daily. Another 7 percent of them accessed the deep net at least once a week.

Latin Americans ranked second on this list, with 21 percent of respondents visiting the dark web every day and 13 percent weekly. With 17 percent of citizens utilizing it every day, Europe took third place on the global deep net usage list. Another 11 percent of Europeans admitted to doing so at least once a week.

Anonymity and Privacy are the Leading Reasons for Using the Dark Web

The 2019 data showed online anonymity was by far the most common reason globally for accessing Tor and the dark web. Nearly 40 percent of respondents used the deep net during the last year to stay anonymous.


Another 26 percent of them claimed to use it to retrieve the usually unavailable content in their location. This reason is more ordinary in Middle Eastern, African, and BRICS countries. Other reasons include overcoming governmental censorships and protecting online privacy.

Nearly 25 percent of North Americans used the hidden web in 2019 to ensure their privacy from foreign governments. Another 38 percent of them named protecting the privacy from the internet companies as the leading reason for using the deep web.

Nearly 50% of People Don’t Use Dark Web Because They don`t Know How to

The recent surveys revealed some interesting facts about the reasons why people don’t use VPN technologies like Tor to access the dark web. Nearly 50 percent of respondents globally stated that it is because they don’t know how to, while 45 percent of them have no reason for doing so. One in ten citizens views these technologies as unreliable, and only 13 percent of them appear to be concerned about perceptions that it is used by criminals.

Looking for the best antivirus or spy apps? Find more information here.

Top 10 Countries by Most Mobile Malware Infections in the Q3 2019

According to data gathered by PreciseSecurity.com, over 50% of mobile users in Iran have fallen victim to mobile malware infections in the third quarter of the current year. Other countries among the top 10 included Bangladesh and India. Malware infections have affected millions of users around the world in the last year and it seems the trend would not change in the near future.

Most Mobile Users In Iran Affected By Mobile Malware

Mobile malware infections in the third quarter of 2019 have affected 52.68% of mobile users in Iran. This is the highest percentage around the world considering that the second country with the largest number of mobile malware infections in the world was Bangladesh with 30.94% of its mobile users affected by malware.

India, the second-largest country in the world has also been affected by these attacks. Indeed, 28.75% of its mobile users have fallen victim to malware infections. Other countries included in the list include Pakistan (28.1%), Algeria (26.47%), Indonesia (23.38%), Nigeria (22.46%), Tanzania (21.96%), Saudi Arabia (20.05%) and Egypt (19.44%).

These attacks are viruses that affect users’ mobile phones, and that could cause data loss or even steal users’ financial data. Nowadays, individuals handle their bank accounts, email, and other private information such as ID on their smartphones, which becomes a hot target for attackers and hackers.

In general, users in Iran found the AdWare.AndroidOS.Agent.fa the malware with the largest penetration in the market (22.03%). At the same time, the adware installing Trojan.AndroidOS.Hiddapp.bn affected 14.68% of the devices. Meanwhile, the RiskTool.AndroidOS.Dnotua.yfe had a market penetration in the country of 8.84%.

In Bangladesh, users encountered adware programs that affected their smartphones’ usability. Some of the malware found included the AdWare.AndroidOS.Agent.fc, representing 27.58% of the total number of mobile threats. In addition to it, the Trojan.AndroidOS.Hiddapp.cr reached 20.05% of all the users.

The number of installation packages for Mobile Banking Trojans slightly fell from 13,899 in the second quarter of the year to 13,129 in the last quarter. This is just 23% of the installations a year ago when they reached 55,101.

Furthermore, the largest contributions to the statistics came from the Trojan-Banker.AndroidOS.Svpeng with 40-59% of all detected banking trojans in the market. Furthermore, Trojan-Banker.AndroidOS.Agent was found in 11.84% of mobile phone users. Finally, the Trojan-Banker.AndroidOD.Faketoken was found on 11.79% of the times.

This data shows that it is certainly necessary to protect the data users have on their smartphones and that use to handle daily. Financial data is perhaps the most important one because it can materially affect users that manage bank accounts or other financial applications with their smartphones.

As PreciseSecurity.com reported a few days ago, MS Office represents 73% of the most commonly exploited applications worldwide. Other exploited applications by cybercriminals included Browsers and operating systems as well. As per this article, Android represented 9.09% of the most exploited OS by cybercriminals.

Need help with a virus? Find the best antivirus software and apps here.

Cross-Site Scripting (XSS) Makes Nearly 40% of All Cyber Attacks in 2019

Cyber attacks PreciseSecurity.com

Cyber-attacks have targeted nearly 75 percent of large companies across Europe and North America over the last twelve months. According to PreciseSecurity.com research, almost 40 percent of all cyber-attacks in 2019 was performed by using cross-site scripting, which is hackers’ favorite attack vector globally.

Challenge and Opportunity to Learn are Main Reasons for Hacking Companies

Cross-site scripting or XSS is a type of injection attack, in which malicious malware scripts are injected into trusted websites. Most of the XSS attacks are performed by using a web application to send malicious code, mostly in the form of a browser side script, to a different end-user. The statistics show SQL injection is the second most used attack vector globally, followed by fuzzing. However, the 2019 surveys revealed some interesting facts about the global hacker’s reasons for choosing the company to hack.

Nearly 60 percent of them named the challenge and the opportunity to learn as the primary reason for doing cyber-attacks. Forty percent of hackers perform the attacks because they simply like the company, while 36 percent of them want to test the security team’s responsiveness.

More than 72 Percent of Hackers Attack Websites

With 72.3 percent of all cyber-attacks happening on the websites, the 2019 data indicates this is the hackers’ favorite platform to perform attacks globally. Because of its massive user-base, WordPress is one of the prime targets of hackers, and 98 percent of WP platform vulnerabilities are related to plugins.

An application program interface (API) is the second most targeted platform with a 6.8 percent share in the global hacking incidents list. The statistics show that around 7 percent of hackers choose Android mobile and operating systems for performing attacks. Attacks aiming at downloadable software and the Internet make only 3.9 percent of all hacking incidents globally.

MS Office Represents 73% Of The Most Commonly Exploited Applications Worldwide

According to information gathered by PreciseSecurity.com, the most commonly exploited applications worldwide as of the third quarter of this year were related to MS Office. Other exploited applications by cybercriminals included Browsers, and operative systems, among others.

MS Office Heavily Exploited By Cybercriminals

As per this data, MS Office solutions and applications were the most commonly exploited by cybercriminals around the world. Data shows that exactly 72.85% of cyber exploits were performed in MS Office products as of the third quarter of this year.

MS Office products were followed by Browsers with 13.47% of the total number of exploits by cybercriminals, Android with 9.09%, Java with 2.36%, Adobe Flash with 1.57% and PDF with 0.66%.

In computer security, an exploit makes reference to individuals such as hackers or criminals that make use and take advantage of a bug or vulnerability in a specific software or computer program. In many cases, these exploits can be very costly for companies and other customers that could eventually be affected.

Moreover, the data collected by PreciseSecurity.com shows that the top 5 countries that are sources of web-based attacks include the United States with 79.16% of the market share. This is followed by the Netherlands with 15.58%, Germany with 2.35%, France with 1.85% and Russia 1.05%.

Some of the most common vulnerabilities in MS Office were related to stack overflow errors in the Equation Editor application. Other vulnerabilities were CVE-2017-8570, CVE-2017-8759, and CVE-2017-0199, among others.

Another important vulnerability was related to a zero-day issue CVE-2019-1367 that produced memory corruption and allowed remote code execution on the target system.

Nowadays, browsers such as Windows are very complex products that tend to have many vulnerabilities. This happens because hackers and attackers are at all times finding and searching for new bugs to exploit or using hidden spy software to take advantage of.

Many of these vulnerabilities found in the last quarter aimed at privilege escalation inside the system stem from individual operating system services and popular applications.

Companies, applications, and firms are trying to avoid these exploits and reduce them to the minimum. In general, they are very costly and can affect a larger number of users. However, hackers and attackers are usually ready to find new bugs and use them to take advantage of these systems.

Some of the worst exploits are related to financial applications that could have a negative financial effect on other users or individuals. At the same time, financial data is becoming increasingly important and valuable in the dark web, which is pushing hackers and attackers to obtain this data as well to sell it later to scammers and other malicious parties.