Who is next? Analysis of cyber attacks between 2017 and 2018
AT A GLANCE
|Project Type||Web Scraping and Data Visualization|
|Project Name||Analysis of cyber attacks between 2017 and 2018|
|Source||hackmageddon.com and glassdoor.com|
|Language/Packages||Python numpy, pandas, seaborn, scrapy, matplotlib, wordcloud, NLP packages|
|Outlook||Cyber attacks represent a serious and expensive threat for all industries. Deep Learning algorithms might be able to not only catch up with hackers but also be one step ahead of the next attack.|
| BACKGROUND |
Every year, the increasing number of cyber attacks comes with evolved tactics and highly skilled hackers in search of rapid financial gain. According to the "Cost of a Data Breach Study" by the Ponemon Institute LLC, the average cost of a data breach is US$3.86 million with about 30% likelihood of a recurrent breach within the next 24 months. Across various industries, heavily regulated sectors such as healthcare and financial organizations suffer from the highest data breach costs per capita (US$408 and US$206, respectively compared to an average per capita cost of US$148). Understanding the landscape of cyber threats and identifying predictive factors that contribute to increasing vulnerabilities is crucial to protect the sensitive information of individuals and enterprises. To link company information of organizations within the healthcare sector with reported cyber attack characteristics, I scraped hackmaggedon to get a list of cyber attacks across multiple industries as well as available information from Glassdoor for selected organizations. Please visit my GitHub for the complete code and analysis.
| METHOD |
The scrapy package of Python was used to collect information on date, target, target_class, country, summary description, and type of attack from the site hackmageddon. Similarly, information on companies' revenue and employee size was scraped from glassdoor using scrapy as the major tool. Data visualization was performed with python packages such as Pandas, Numpy, and Matplotlib. Text snippets were processed using filtering, tokenization, and lemmitization of NLP packages in python.
| RESULTS |
The landscape of cyber attacks
Based on the classification of hackmageddon.com, individuals are the main target of cyber attacks (2017: 61 attacks, 2018: 169 attacks) followed by organizations and companies of the healthcare and financial sectors. Other sectors such as science, transportation, or hospitality are less affected.
The pie chart below displays the main types of cyber attacks on individuals. More than 50% of cyber threats on individuals can be attributed to malware, followed by account hijacking, and targeted attacks. Although within the top 5 categories and among the most feared, malware targeting point-of-sale interactions to steal credit card information and similar, are less dominant. Other categories include malvertising, vulnerabilities, and malicious scripts.
To gain more information on the nature of reported cyber attacks on individuals, the summary text were visualized in form of a WordCloud after processing and cleaning. Words appearing with high frequencies are "million", "campaign", "android", and "app". These words indicate that hacks often happen through downloads of apps by android users, affecting millions of individuals simultaneously. "Ransomware" is another word that gained more and more popularity, referring to blackmailing of affected individuals by locking down access to private and sensitive information.
Target: Healthcare sector
The WordCloud based on the description of cyber attacks within the healthcare sector looked different. While apps and Android users described the main playfield of cyber attacks on individuals, it is "phishing", "email account", and "employee" that describe the main methodologies for the healthcare industry. Hackers gain access to the system through phishing emails, which leads to a breach of information and/or the distribution of ransomware. The word "ransomware" also appeared as one of the most frequent words, emphasizing the danger of it as sensitive financial and health-related information of millions of people can be at stake. Based on the frequency WordCloud, the question is whether the number of employees correlates with the number of cyber attacks as more employees increase the likelihood of "successful" data breach.
Through glassdoor.com, I found revenue and employee information on affected organizations operating within the healthcare sector. However, both variables were given as categorical data with different ranges. I applied the Chi-square test to confirm that the size of employees is dependent on revenue and vice versa (p-value < 0.001). Affected organizations and companies were further subdivided into hospitals, private companies (mostly associations of certain physicians), and non-profit organizations (e.g. health insurance companies and large hospital groups).
Non-profits showed a relative increase of cyber attacks with increasing size of the organization. About 30% of all cyber attacks within the nonprofits targeted organizations with more than 10,000 employees. Surprisingly, private companies showed an opposite trend. The relative number of cyber attacks decreased with increasing employees. Small private companies with 1-50 employees showed the highest frequency of cyber attacks, indicating the lack of sufficient IT security. Hospitals did not reveal a clear trend. More than 50% of all attacks were targeted towards hospitals with 1001-5000 employees. It is possible, that this number reflects the standard size of most hospitals with little variance as larger hospital groups are included in the nonprofit category and smaller private practices in the private companies category. Together, the data suggests a correlation between size and number of attacks. Hospitals seems to be particularly vulnerable.
| Conclusion |
Cyber attacks represent a common and dangerous threat for every individual who is connected to the internet and all enterprises. As individual using an Android device, cautious downloads of apps can prevent malware and other malicious activities from occurring on those devices. Increased cyber security training for employees of hospitals is highly recommended to counteract the threat of phishing emails. Ransomware has become a new and lucrative trend among the hacker community, prompting increased investments in cyber security across all industries.
Unsupervised machine learning can be used to identify factors that cluster organizations into high-risk or low-risk groups, which in turn can provide helpful information to implement security measures that can not only detect cyber threats faster but also prevent recurring attacks. In the future, Deep Learning will be another powerful tool to detect unknown network intrusions.