There’s perhaps nothing more cumbersome than having your website hacked or your personal data stolen online. It takes hours to restore a compromised website to its normal operation, and that could mean financial loss for you if your business relies heavily on the web. Hacking, phishing, malware attacks–all these cybercrime trends are affecting millions of businesses daily, and no one is safe from them.
As technology keeps evolving at a rapid pace, so do cybercrooks. Apart from newer forms of cyber threats, even the oldest tricks in the book are not completely useless for these cybercriminals. They take these tricks out of the box and make modifications and updates to bypass security measures especially created for them. Further in this article, we present the latest cybercrime trends that we all have to watch out for.
From 2013 to 2016, cyberattacks have already cost businesses about 5 billion US dollars. This proves the damaging impact of cybercrimes that goes across several industries all over the world. Additionally, cyber crimes are directly affecting innovation, jobs, economic growth, and investments.
In most cases, a breached company or organization is more than likely to lose even its most loyal customers. A survey by Gemalto reveals that exposure or theft of customers’ personal data will harm the relationship of the breached organization with its customers. With the rise in cybercrime, there are free IT security solutions that you can try, but investing in IT security can pay off so much more than what it’s worth.
Source: Imperva (2019)Designed by
However, tighter security is sometimes still not enough to guarantee immunity from cyberattacks. With the changing nature of cyber threats, cyber attackers are always one step ahead of existing security measures. Awareness of how these attacks take form can do wonders, though. In the following section, we provide a more comprehensive discussion of the latest cybercrime trends affecting various industries.
Ransomware remains as one of the biggest threats on the web today. First coming into the fore in 2017 with the effects of global campaigns NotPeya and WannaCry, reports show that the number of ransomware attacks doubled this year. Although cybercrime trends of ransomware attacks seemed to fall out of favor with hackers in the past years, it is on the rise again as cybercriminals discover code innovations and newer and more targeted approaches.
According to the McAfee Labs Threats Report for August 2019, there is a 118% rise in ransomware attacks in the first quarter of 2019. To combat ransomware attacks, there are several decryption tools available in the market, but developers of ransomware see to it that they continue to always be one step ahead by releasing new versions of malware.
The sophistication of cybercrime activities continue to evolve, and reports find that cybercriminals stick to the pattern of attacking during the workweek. A comparison of web filtering volume for two cyber kill chain phases found that pre-compromised activities are more likely to occur during the weekdays.
Employees receive about five phishing emails per workweek, according to a new report by Avanan. While employees are always busy with the number of emails they receive every day, they become easy targets of phishing attacks disguised as a regular email. These exploitation activities require someone else taking an action, such as employees taking the bait of phishing e-mails and thus the fewer attacks during the weekends.
To fight security threats, there are several IT security software solutions available in the market today. Here are some examples of them.
In the first quarter of 2019, Pakistan, Iran, and Bangladesh top the list of countries with most mobile malware attacks. The report shows that more than one-third of mobile users in Pakistan experienced a mobile malware attack. Iran and Bangladesh follow closely behind, with 31.55% and 28.38% respectively of mobile users reporting mobile malware.
Users of mobile devices last 2018 saw the strongest cybercriminal onslaught as of yet. Reports detect that virus writers seem to focus more on attacks on bank accounts via mobile devices, droppers (Trojan-dropper) designed to bypass detection, adware apps, and apps that can be used by cybercriminals to cause damage.
Source: Statista Research Department (2019)Designed by
Cybercrime is no longer just for thieves. Cyberactivists are now also contributing to the vast amount of cybercrimes that happen daily. Modern activist movements consider cyberactivism as a significant milestone. And according to cybersecurity analysts, hacktivism shows no signs of stopping this year and in the years to come.
Cyberactivists are the online equivalents of protesters fighting for a particular agenda. One of their main purposes is to interrupt the website operations of a company or an organization as a way of getting across their messages to the higher-ups. Another motive is to spread awareness about a company’s bad practices.
One such example of cyberactivism is the infamous attack on PayPal and MasterCard. In 2010, a group of cyber activists who claimed to be part of Anonymous executed a DDoS attack on Paypal in response to Paypal’s shutdown of payment services to WikiLeaks. Cyberactivism is expected to grow in the coming years and affect business sales and revenues.
AI goes both ways in cyberspace: it can both be a blessing and a curse. With the advent of IoT devices, AI is predicted to commit more cybercrimes than actual people in the year 2040. AI and IoT are gradually making things easier for cybercriminals. Any device that can be connected to the Internet carries the risk of getting hacked. And with the rapid growth of the technological advancements in the AI aspect, IoT devices are facing security issues that seem to have no solutions as of yet.
Just this year also, the United Nations Interregional Crime and Justice Research Institute (UNICRI) is looking into the advance understanding of AI applications for criminal justice and crime prevention. But while AI could prevent and deter crimes, the risk lies in the system that can pose a global security threat if left alone with its machine-operated directives.
Cardholder data remains as the primary target of cybercriminals. Hence, payment card systems continue to be infiltrated by cybercriminals. In the last few years, credit, debit, and prepaid card frauds ballooned in the United States, reaching about $4.57 billion in 2016. Although the Payment Card Industry Security Standards Council (PCI SSC) imposed more strict compliance requirements to protect cardholder data, vendors and merchants still find themselves targets of data breaches.
Recent figures suggest a growing number of credit cards that are already compromised. Credit card information could be stolen right from the card or it could be bought on online marketplaces for stolen cards, in particular, the Dark Web. Federal Reserve’s report in 2018 noted that the card-not-present cybercrime represents a drag on economic activity as it is costing billions of losses in merchandise. This resulted in businesses heavily spending on protection against such fraud by buying security software solutions, hiring security experts, and collaborating with outside companies to monitor transactions.
One of the biggest data breaches in history was when the data of Marriott International customers were stolen by cyber thieves. Just last November 2018, an announcement by Marriott International confirmed that cyber thieves were successful in stealing the data of approximately 500 million customers. This data breach goes as far back as 2014, stemming from systems that supported the Starwood hotel brands, and was not discovered until 2018.
Data breaches happen daily, and it is one of the biggest cyber threats on the web today. Every year, the number of data breaches continues to increase. About 56 percent of data breaches in the first half of 2018 are social media data breaches. Moreover, companies leave thousands of files unprotected, according to the 2018 Varonis Global Data Risk Report. In the report, it was revealed that 100,000 folders are open to every employee for 58% of companies.
Cryptojacking is threatening ransomware’s position as the most dangerous form of cyber attack. Malware developed to infect systems to mine for cryptocurrency, cryptojacking is replacing ransomware on the watchlist of cybersecurity analysts. Several studies also show that most recent malware attacks today are designed specifically for cryptojacking, where the malware infects a system with malicious code and then uses its CPU to mine for cryptocurrency.
With cryptocurrency shaping today’s cyber threat environment, mining services, and currency exchangers are facing the risk of getting hacked. According to Europol’s report in 2018, the ease of cryptojacking attacks and attack tool availability are leading to cryptomining malware becoming a regular thing in the cybercrime future trends. It is also expected to provide a low-risk revenue stream for cybercriminals.
While targeted attacks are not exactly new in the cybercrime scene, it is no less threatening than the existing types of cyberattacks. Targeted threats are crimeware designed for specific industries or corporations, and with its ability to capture sensitive information, it continues to become a major concern for most organizations.
In 2017 alone, there were more than 130 targeted and large-scale breaches in the United States. Moreover, the number keeps growing by 27 percent every year, according to a report by Accenture. The government, retail, and technology industries are the three most popular preys of targeted malware because of the highly valuable data of personal identifying information kept in their records.
Meanwhile, healthcare companies are emerging this year as one of the industries often targeted by such malware. Newest research by Proofpoint US, a California-based enterprise security solutions provider, found that about 77 percent of phishing emails were targeted the medical sector for the first quarter of 2019. The cybercrime trends in healthcare involved the use of malicious links disguised as regular emails.
Source: The SSL Store (2019)Designed by
An end-to-end encryption is one of the best ways to keep communication between two points anonymous and totally difficult to trace. Thus, there is no wonder as to why cybercriminals decided to shift to encrypted chatting platforms for communication and commerce. With encrypted peer-to-peer chat platforms like Jaber and WhatsApp, it’s harder for law enforcement to decrypt messages and eavesdrop on the plans of cybercriminals.
These instant messaging programs give cybercriminals an advantage. By using such a form of communication, the FBI finds it difficult, if not impossible, to decrypt their messages containing the details of their cybercrime operations. Skype, however, although not encrypted and as secure as other messaging platforms, is still among the most popular and most preferred platforms of cybercrime gangs around the world, according to FlashPoint’s study of communications platforms used by financially motivated cybercriminals.
As bitcoin becomes more popular, it’s also amplifying ransomware. Bitcoin has also been reported as one of the most popular ransom payment methods to elude law enforcement. And although other virtual currencies like monero see a growth in interest, bitcoin still tops the list of cryptocurrencies encountered in cybercrime investigations.
The value of bitcoin more than doubled in 2019. In the coming months, it could rally even higher than the $12,902 level in June of the same year. And because of its value, anonymity, and decentralized system, cybercriminals are naturally drawn to it. It became the preferred currency of darknet criminals and thus increased the number of cryptocurrency malware. In 2017, Malwarebytes, an anti-malware software company, reported having to stop 250 million attempts to infect PCs with coin-mining malware in just one month.
By overloading a server with a maximum number of junk requests, DDoS attacks can take down even the largest websites. Apart from its number, the sophistication, complexity, and duration of DDoS attacks are also increasing and becoming even more problematic. This is why Norton dubs DDoS attacks are one of the most powerful weapons on the Internet.
In 2016, DDoS attacks increased by 125 percent year over year, and that figure keeps increasing. During the second quarter of 2019, a higher number of high-profile DDoS attacks than the first quarter was recorded. This could be attributed to the inexpensive cost of DDoS-as-hire attacks, making it one of the most affordable cyber weapons for the likes of regular industry competitors or Internet trolls. Nonetheless, security companies are widely implementing protection from DDoS.
Source: Kaspersky, 4th quarter of 2018 (2019)Designed by
Emails today are still one of the most commonly used forms of communication, but with the rise of cyber threats, it becomes more vital to learn how to manage emails effectively and ensure that they are safe. Business email scam is another old trend in the cybercrime scene that does not show any sign of going away anytime soon. Up to this day, it’s still a billion-dollar enterprise, and it’s targeting about 6 thousand businesses every month. FBI attributed $12 billion in domestic and international losses to BEC scams recorded between October 2013 and May 2018.
During the past 12 months, businesses received an average of five BEC scam emails. That is according to Symantec, which further reports that their businesses have a 17 percent chance of getting one or more BEC emails per month. Reports also show that the top targets for BEC fraud in 2017 and 2018 are manufacturing and construction firms.
Social engineering attacks can affect businesses of all sizes, and that is still true in 2019, especially with the amount of trust businesses and individuals place on online communication. Computer-based social engineering, which includes phishing campaigns, baiting, and clicking on malicious links, remains prevalent in today’s highly digital era. Even the best cybersecurity software companies would admit that social engineering in cybercrime is still a major concern.
The percentage of successful social engineering attacks rose from 71 percent in 2015 and 76 percent in 2016 to 79 percent in 2017. Moreover, it takes roughly five months to detect a social engineering attack, which is why it’s one of the most popular methods for data breach. 97 percent use social engineering, while only three percent of data breach attacks involve malware.
Phishing is as prevalent as ever, and it is even on its way to becoming 2019’s most significant cybersecurity threat. To combat phishing attacks, security companies over the years, kept developing new methods, such as hardware-based authentication and renewed approaches to security-oriented training and awareness, yet phishing is still effective today and many still fall victim to it.
Furthermore, phishing attempts can be difficult to spot and even more difficult to avoid. This is most especially true in the case of mobile users. Last year, Lookout reported that about 56 percent of mobile users received and tapped on a phishing URL. To prevent phishing attacks, it is important to always be cautious about personal or business emails, advertisements (linked URLs) on websites and in apps, as well as text messaging and other messaging services as they are often used in phishing.
Source: Statista Research Department (2019)Designed by
Because of the rise of RDPs, this year saw a decline in automated attack toolkits. Designed to exploit vulnerabilities in widely used software, automated attack toolkits are now being replaced by RDP attacks. RDP credentials can give attackers remote access to a corporate environment, which further leads to a network search of intellectual properties or cryptolock systems.
Thus, RDP is now becoming a common method for cybercriminals to gain access to systems and data, with their targets usually small and medium-sized businesses (SMBs). According to Beazley, about 71 percent of ransomware attacks target SMBs, and RDP usually acts as an attack vector to further launch a ransomware attack.
There are two sides to a coin, and so there are too in cyberspace. Cyberspace is a great place for commerce, societal advancement, and innovation. However, there also lies the risk of becoming a target for various forms of cyberattacks. Advanced technology and systems give an edge to businesses and organizations, but it means newer and more advanced methods for cybercriminals to attack too, leading to a cybercrime trends increase.
These trends reflect that cybercrime today presents the trickiest types of crimes to deal with. Cybercriminals are getting bolder every day and impact many industries, but most of all, they threaten businesses of all sizes on the web. Bigger organizations have deeper pockets for more advanced security tools to face cyber threats, but small business enterprises are not always so lucky. Thus, staying aware and vigilant at all times can go a long way in preventing these cyberattacks from occurring, and it is also helpful to know what IT security solutions are perfect to protect your site.
FinancesOnline is available for free for all business professionals interested in an efficient way to find top-notch SaaS solutions. We are able to keep our service free of charge thanks to cooperation with some of the vendors, who are willing to pay us for traffic and sales opportunities provided by our website. Please note, that FinancesOnline lists all vendors, we’re not limited only to the ones that pay us, and all software providers have an equal opportunity to get featured in our rankings and comparisons, win awards, gather user reviews, all in our effort to give you reliable advice that will enable you to make well-informed purchase decisions.