Top 9 cybercrime tactics, techniques and trends in 2020: A recap
2020 was a busy year for cybercriminals, with new opportunities brought on by the COVID-19 lockdowns and digital transformation initiatives. According to McAfee’s “The Hidden Costs of Cybercrime” report, losses from cybercriminal activity cost the globe more than $1 trillion last year. Attacks specifically aimed at exploiting the regulations around the pandemic increased drastically, but companies also experienced social engineering, ransomware and other types of cybercrime.
What were the top cybercrime techniques and trends of 2020? As per the seventh annual Internet Organized Cyber Threat Assessment (IOCTA) report from Europol’s European Cybercrime Center, ransomware attacks were the top cyber threat for law enforcement agencies. Additionally, adversaries used techniques like business email compromise and cryptocurrency abuse to exploit their targets.
Here’s a recap of the top cybercrime techniques and trends that surfaced last year.
1. COVID-19 specific phishing
Cybercriminals took advantage of topical trends and fears in the wider marketplace to access sensitive details. When COVID-19 hit, the rise of phishing strategies specifically linked to the pandemic surged. Criminals began twisting existing forms of cybercrime to suit the narrative of the pandemic. In the UK, older people began receiving emails and phone calls offering them a vaccine for the ailment in exchange for information.
Malicious individuals may use coronavirus-themed emails in a variety of ways to generate results. Common examples include health advice emails that ask customers to click on a link and workplace policy emails for remote employees.
2. Ransomware
Ransomware isn’t a new concept, but it remains the most dominant threat as criminals continue to increase pressure on companies that need to protect their reputation. Attacks are becoming increasingly more targeted, and it seems that no company is safe. Victims of 11 of the largest ransomware attacks spent over $144.2 million in response to the attack in 2020.
In August of 2020, North American land developer and homebuilder Brookfield was hit by a cybercriminal group named Darkside, who demanded payment for data downloaded from the business about administration, finances, commercial insights, payroll, and more. With the personal details of 151,000 employees at risk, the business was forced to pay out to protect its staff’s privacy.
3. Business Email Compromise
Business Email Compromise (BEC) attacks are continuing to rise as more people work digitally. As countless companies shift into the remote working environment, teams are spending more time in their email inboxes, dealing with information that they may not be used to seeing. A business email compromise attack could involve a criminal accessing a business email account to send money requests to a financial department.
Alternatively, criminals could use the same spoofed accounts to request sensitive information or data that could later allow for a ransomware attack.
4. Distributed Denial-of-Service attacks
Though the number of DDoS attacks, in general, has begun to decline, some individual attacks continued to make headlines in 2020. DDoS attacks prevent employees and business leaders from accessing the tools they need to operate, from email addresses to websites.
In 2020, the Amazon Web Services DDoS attack was potentially the largest in the industry. The company was hit by a giant attack in February, using rapid-fire technology to overwhelm a set of cloud servers. The attack lasted for three days in total and peaked at a level of around 2.3 terabytes per second, causing massive disruption to the cloud solution.
5. DeFi cryptocurrency hack
DeFi attacks exploded in volume during 2020. According to the most recent reports, there were around 15 hacks of DeFi (cryptocurrency) platforms last year, which amounted to around $120 million in stolen funds. Cryptocurrencies hold particular appeal for cybercriminals as they allow for anonymous payments on various platforms.
The DeFi attack that generated the worst outcomes was the Lendf.me attack, which cost around $25 million in lost funding. A re-entrancy vector allowed the adversaries to interact with token contracts as though they had much collateral and steal the platform's assets.
6. Credential stuffing
Credential stuffing is another common example of a cybersecurity threat that continued to grow during 2020. This cyberattack tactic involves testing millions of email and password combinations on different sites, hoping that the details that work for one website may work for another.
The pandemic-driven movement to more digital platforms sparked a massive rise in digital fraud activities. Since many of today’s remote working employees reuse passwords on multiple platforms, the opportunity to steal business credentials is enormous. Last year, video-conferencing company Zoom fell victim to this attack, with 500,000 usernames and passwords distributed on the dark web.
7. Smishing attacks
Smishing is a relatively new concept in the cybercrime landscape, but it’s one that’s gaining attention fast. The tactic involves sending fraudulent text messages to customers, often emulating banks or other official companies to get personal details. Similar to phishing, smishing executors hope that the act of sending a text will generate less suspicion in customers, leading to more successful attacks.
Customers don’t have the same skepticism about text messages as they do for email messages yet. Additionally, it’s often difficult for banks to protect customers against smishing attacks because many criminals abuse the alpha tag SMS thread and signaling vulnerabilities.
8. Modular malware
Most companies have already heard of malware, and they work hard to protect themselves from it with various forms of cyber protection. However, law enforcement agencies in 2020 became increasingly concerned about the extent to which crime gangs would combine modular segments of malicious code to form bigger attacks.
Criminals appeared to be working together more frequently in 2020. There was a lot of subcontracting and cooperation among threat actors, which led to an increase in opportunity for thieves. If criminals continue to work together in the years ahead, it may become increasingly difficult to fight back.
9. Shoulder surfing
Now that employees are spending more time outside of the office, they’re becoming increasingly comfortable with using their workplace credentials on various devices. This could mean that aside from logging into platforms in their home office, employees are also dealing with work requests on their smartphones when they’re out shopping or logging into tablets from coffee shops and shared spaces.
A rise in “anywhere” work could open the door for more vulnerable employees who forget to protect themselves against the people that could easily be looking over their shoulders. Shoulder-surfing may be a low-tech form of cybercrime, but it’s still a dangerous one, and hackers can even carry it out over videoconferencing.
Conclusion
2020 is finally over, but the criminals that emerged throughout the year are still going strong. The cybercrime trends and techniques that emerged last year will influence the security issues that we continue to face in the years ahead. Now’s the time for all organizations to reconsider their security strategy and ensure that they have solutions to stay ahead of the curve.
Sources
In this Series
- Top 9 cybercrime tactics, techniques and trends in 2020: A recap
- Dark Web hacking tools: Phishing kits, exploits, DDoS for hire and more
- Dependency confusion: Compromising the supply chain
- BendyBear: A shellcode attack used for cyberespionage
- ATP group MontysThree uses MT3 toolset in industrial cyberespionage
- BlackBerry exposes threat actor group BAHAMUT: Cyberespionage, phishing and other APTs
- KashmirBlack botnet targets WordPress, Joomla and other popular CMS platforms
- BAHAMUT: Uncovering a massive hack-for-hire cyberespionage group
- Linux security and APTs: Identifying threats and reducing risk
- Top 6 ransomware strains to watch out for in 2020
- 2020 Verizon data breach investigations report: Summary and key findings for security professionals
- How hackers use CAPTCHA to evade automated detection
- The State of Ransomware 2020: Key findings from Sophos & Malwarebytes
- Dark web fraud: How-to guides make cybercrime too easy
- Top 6 malware strains to watch out for in 2020
- Top Cybersecurity Predictions for 2020
- Malware spotlight: What is click fraud?
- What does dark web monitoring really do?
- ThreatMetrix Cybercrime Report: An interview
- Are dark web monitoring services worth it?
- Cybercrime and the underground market [Updated 2019]
- Verizon DBIR 2019 analysis
- Common causes of large breaches (Q1 2019)
- The Magecart Cybercrime Group Is Threatening E-Commerce Websites Worldwide
- Russian Cyberspies Target 2018 U.S. Midterm Elections
- The Increasing Threat of Banking Trojans and Cryptojacking
- Leaders’ Meetings: A Privileged Target for Hackers
- Fraud as a Service (FaaS): Everything You Need to Know
- All about SamSam Ransomware
- The Decline of Ransomware and the Rise of Cryptocurrency Mining Malware
- Mechanics Behind Ransomware-as-a-Service
- The Art of Fileless Malware
- ZLAB MALWARE ANALYSIS REPORT: RANSOMWARE-AS-A-SERVICE PLATFORMS
- Which Are the Most Exploited Flaws by Cybercriminal Organizations?
- 5 New Threats Every Organization Should be Prepared for in 2018
- Memcrashed: The Dangerous Trend Behind the Biggest DDoS Attack Ever
- Open source threat intelligence tools & techniques
- Global Cost of Cybercrime on the Rise
- An Enterprise Guide to Using Threat Intelligence for Cyber Defense
- The Five Largest Ransomware Attacks of 2017
- Intellectual Property Crimes in the Dark Web
- Top 5 Smartest Malware Programs
- Is Russian Intelligence Using Tainted Software to Access Corporate and Government Networks?
- Vault 7 Leaks: Inside the CIA's Secret Kingdom (July-August 07)
- DragonFly 2.0: The Alleged Nation-State Actor Hits the Energy Sector Again
- Russian APT Groups Continue Their Stealthy Operations
- Massive Petya Attack: Cybercrime or Information Warfare?
- SAP SECURITY FOR CISO: SAP Attacks and Incidents
- Role of Threat Intelligence in Business World
- WikiLeaks Vault 7 Data Leak: Another Earthquake in the Intelligence Community
- Past and Present Iran-linked Cyber-Espionage Operations
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Threat Intelligence
Dark Web hacking tools: Phishing kits, exploits, DDoS for hire and more
Threat Intelligence
Threat Intelligence
Threat Intelligence
ATP group MontysThree uses MT3 toolset in industrial cyberespionage