The United States was hit with 156 cyber attacks on government agencies, defense and technology companies or financial crimes of more than $1 million during a 14-year run beginning in 2006, to lead 20 nations in “significant” incidents, a new data analysis showed.
In that time frame, 2018 struck the loudest chord in the U.S. with 30 episodes throughout the year, according to a study by Specops Software, a Philadelphia, Pennsylvania-based developer of password management and authentication solutions.
Specops said it relied on data collected by the Center for Strategic and International Studies (CSIS) to count the number of “significant” episodes and attach them to specific countries to create its ranking order. For example, attacks two months ago by the Russian-backed advanced persistent threat group Sandworm to exploit a vulnerability in Exim mail transfer agent software were classified as “significant” owing to the widespread potential to derail email messages traveling from one computer to another.
The U.S. led the pack by a wide margin in the number of incidents. By comparison, the United Kingdom experienced the second highest number of events at 47, or 30 percent of the U.S. total. In the U.K.’s case, Specops pointed to the large-scale cyber attacks on the Labor Party’s digital platforms during the 2019 general election.
India ranked third with 23 occurrences, the latest of which involved malware deployed against nine human rights activists to log their keystrokes, record their audio, and steal their personal credentials. Germany and South Korea round out the top five with 21 and 18 experiences, respectively. At the tail end of the list is North Korea, which has been impacted by five notable cyber attacks since 2006.
Specops said the four tactics hackers deployed to hit their targets include distributed denial of service (DDoS), SQL Injection, man-in-the-middle attacks and phishing.
According to the Global Cybersecurity Index, which scores the commitment of countries to cybersecurity at a global level by legal, technical and organizational measures, capacity building, and cooperation, the top 10 countries most prepared against cyber attacks include Singapore, U.S., Malaysia, Oman, Estonia, Mauritius, Australia, Georgia, France and Canada, in that order. In another ranking, the Cyber Research Databank lists the top 10 cyber-prepared nations as the U.S., Israel, Russia, Canada, the U.K., Malaysia, China, France, Sweden and Estonia, in that order.