Cybercrime, in the past 12 months, has evolved into a dangerous reality. The conditions brought forth by the global pandemic have set a rapid pace of transformation in the cyberworld. With accelerated digitalization, came the threat of heightened cyberattacks. Europol published its Internet Organised Crime Threat Assessment that mentions the key cybercrime trends influenced by COVID-19.

What are the key threats?

  • Ransomware affiliate programs have enabled a larger number of threat actors to target big organizations by threatening them with multi-level extortion tactics.
  • Mobile malware has advanced as cybercriminals attempt to evade multi-factor authentication and other security measures.
  • Online shopping has resulted in greater online fraud, with phishing and social engineering being the primary attack vectors. 
  • Dark web users are embracing anonymous cryptocurrencies and swapping services. Moreover, the exploitation of legitimate services, such as VPNs and encrypted chat platforms, continues to surge. 

Diving into more details

  • Ransomware groups have taken complete advantage of the pandemic to launch advanced and targeted attacks. While mass distributed ransomware is on the decline, gangs and their affiliates conduct well-orchestrated manual attacks - mostly against large corporations.
  • The SolarWinds and Kaseya attacks indicate how cybercriminals are making profits by attacking digital supply chains by targeting the weakest links. In addition, DDoS attacks have witnessed a reemergence and are targeting businesses, financial institutions, and service providers. 
  • The grey infrastructure is being extensively used to facilitate operational security for threat actors. Grey infrastructure services offer rogue cryptocurrency exchanges, bulletproof hosters, and VPNs - all as a safe haven for adversaries. This has led to critical challenges in the investigation of criminal activities.

Let’s not forget mobile malware

Mobile malware gets a special section as cybercriminals have transformed it into a scalable business by establishing overlay attacks, SMS spamming, and 2FA disruption. Let us take a look at the top threats dominating the mobile threat landscape.
  • Malicious apps - apps laden with malware have gained traction, especially those targeting Android devices. Recently, an updated version of GravityRAT was found targeting high-profile Indian targets with an aim to pilfer sensitive information.
  • Overlays - the most relevant example would be of FluBot that can display overlays for banking apps and Google Play verification, enabling credential theft.
  • Phishing - phishing attacks on mobile devices are as old as time itself. Often taking advantage of users’ familiarity with certain brands, attackers send attractive lures. All users have to do to claim their prize is to enter their credit card details.
  • Calendar spam - this targets iOS devices via iCalendar files or ICS to send spam-filled invites to users, rendering a calendar virtually useless.

The bottom line

Cyber adversaries continue to be ruthless and incessant in achieving their malicious intentions. In light of the above findings and facts, awareness of different kinds of cybercrime should be the first step. Furthermore, implementing proactive cybersecurity defenses would ensure protection and remediation from such cyberattacks and threats.

Cyware Publisher