January 19, 2018 By Shane Schick 2 min read

Less than a week before political and business leaders descend on Davos, Switzerland, the World Economic Forum has released a study with cybersecurity attack statistics that suggest cybercriminals will be a key topic during the three-day event.

According to “The Global Risks Report 2018,” threats against industrial systems and critical infrastructure rank high among the major forces that could threaten international stability. Though the possibility of nuclear war and extreme weather topped the list, the report’s cybersecurity attack statistics indicated a major incident could happen in the next five years.

The work of cybercriminals has been growing in frequency, intensity and sophistication, according to the World Economic Forum. The report’s cybersecurity attack statistics included details on how threats such as NotPetya crippled some organizations to the tune of $300 million per quarter. In addition, technologies such as aviation systems can get hit by malware or other exploits an average of 1,000 times every month.

Other well-known cases cited in the report include the WannaCry incident from May 2017, but ransomware in general was called out among the statistics covered. Out of all the email that includes malicious code or some kind of phishing scheme, 65 percent was intended to take over a device and hold it hostage until a victim pays up.

The World Economic Forum is also concerned by threats against the Internet of Things (IoT) — an issue that was highlighted in last year’s report.

As Fortune pointed out, the World Economic Forum’s research divides risks into two categories: likelihood and potential impact. Whereas threats from cybercriminals are in the top five in the first category, they rank sixth in the latter.

While that ranking is still alarming, cybersecurity attack statistics tend to reveal the severe effects on companies or industries rather than threats that affect entire populations. This year’s World Economic Forum may be the place where we learn whether the top minds in business and government believe that will change anytime soon.
