2020 will go down in history as the year of coronavirus. But 2020 was also the year we started working remotely en masse, online shopping became commonplace, and grandparents discovered Skype and Zoom to chat with their grandchildren. Cybercriminals quickly realized that this was the perfect time to make their move: people are vulnerable if they are using online applications they don't know well, if their devices are not as secure as in the workplace, and if the whole family is using the same computer.
2021 will not bring improvement anytime soon, as scammers are still lurking. What cyber threats can we expect?
Phishing: an ever-present problem
In 2020, internet users forwarded 3,200,000 suspicious messages to firstname.lastname@example.org. Those are staggering numbers. Phishing messages are and will continue to be the main gateway for criminals to access your computer in 2021. They occur in all forms: by email, but also increasingly through text messages and social media. Scammers seize on every current event to send messages that arouse people's curiosity.
The police raised the alarm a number of times in 2020, and reported about victims who lost many thousands of euros. Every week, victims testify in the media. But businesses can also fall victim to phishing. In such cases, phishing is often used to launch a ransomware attack. All it takes is for one absent-minded employee to click on a link in a fake message and the data of the entire organization becomes encrypted.
Ransomware without conscience
Ransomware is a virus that can encrypt data and then demand a ransom to release the data. Anyone can fall victim to ransomware. Criminals choose their victims deliberately and without conscience: even hospitals are targeted, and recently a lab that analyzes corona tests was attacked.
We have seen a continued increase in the number of ransomware attempts in recent years. In 2020, the CCB received 82 reports of ransomware, but that is just the tip of the iceberg. Companies are not eager to disclose that they were victimized. In addition to the financial losses, the reputational damage can be significant for a company. Ransomware attacks bring a lot of money to criminals, so this trend will not disappear in 2021.
Online scams in a new guise
Once again, it was police forces and the banking industry that reported all kinds of online scams in 2020. Often they are improved versions of old techniques. Police figures show that online crime increased by 30% in 2019 compared to 2018. And Febelfin constantly issued regular warnings about new forms of online fraud.
One example is the Microsoft Scam, in which a supposed Microsoft employee contacts his or her victims in poor English because they allegedly have a problem with their PC. The scammer then takes control of the computer and plunders from the user's bank account. This year we saw several variants pop up, e.g. scams written in Dutch and French, allegedly from Proximus. But other forms of online scams have also done the rounds: invoice fraud, help request fraud, friendship fraud, safe account fraud and CEO fraud. What all these scams have in common is that the scammer does not have to be a hacker. A bit of courage is all it takes to send a misleading message or make a phone call. The scammers manage to fool their victims and convince them to transfer amounts to their accounts.
DDoS attack as a cover
With a DDoS (Distributed Denial-Of-Service) attack, criminals try to take down a web server by overloading it with a very large number of page requests. A DDoS attack in itself is not a danger and will pass by, but often such an attack is used to hide another attack or as an additional means of pressure e.g. in a ransomware attack. We will definitely see this in 2021.
Down with the internet!
If too many incidents and abuses crop up, users lose confidence in the digital environment. The everyday internet user hears about what can go wrong: you have to watch out when you open a message and you have to be careful when you shop online. Innocent actions we carry out every day suddenly become dangerous. Companies and organizations that lack the resources to have their systems managed by experts also live with the constant fear of becoming victims. There is a fear that users will seek alternatives, which would represent a step backwards in the digitalization of society.
Miguel De Bruycker, Director of Centre for Cyber Security Belgium