Technological and societal developments and a pandemic have utterly changed the business landscape as we knew it. Enterprises have massively adopted multiple cloud platforms, moving data, applications and services outside the traditional corporate perimeter. At the same time, the COVID-19 crisis illustrated how criminals actively take advantage of a vulnerable society. Criminals tweaked existing forms of cybercrime to fit the pandemic narrative and abused both the uncertainty of the situation and the public’s need for reliable information.
As Europol notes, “The opportunistic behavior of criminals during the pandemic, however, should not overshadow the overall threat landscape. In many cases, COVID-19 caused an amplification of existing cybercrimes, exacerbated by a significant increase in the number of people working from home.”
At Thales we wanted to investigate what the cybersecurity trends are around the world. Do countries face the same threats, or do the threats differ from continent to continent? We decided to look at the findings of official state reports and reports issued by transnational organisations like Europol. These reports were released either in the second half of 2020 or during the first few months of 2021.
Let’s have a look at the trends shaping the cybersecurity industry.
Cyber crime is on the rise in every country or region
This is the most widely evident finding: every country, in every part of the world, is reporting it. In the United States, the FBI report indicates that there was a 69% increase in total complaints in comparison with 2019. In the UK, four out of ten businesses (40%) and 25% of charities report having cyber security breaches or attacks in 2020. In Singapore, cybercrimes accounted for 43% of overall crimes. Israel witnessed a 50% increase compared to the previous year.
The common denominator across all countries is that these criminal activities are mostly targeting the sectors of healthcare, finance, energy, education and government. As the Canadian authority reported, these attacks are not only threatening the physical safety of citizens, but also disrupting the national and local economies.
A report jointly published by France and Germany states that there are two major types of threat actors in the current cyber-threat landscape.
- “State or state level actors, who mainly focus on cyberespionage, destabilization or sabotage.”
- “Cybercriminals who operate with a financial motivation and are responsible for the greater majority and volume of attacks.”
Finally, a common trend witnessed in many countries is the threat these criminal activities pose to democracy itself. Deepfakes, misinformation and disinformation threaten to disrupt the social fabric of modern democracies by damaging the trust people place in institutions, each other and science.
Social engineering and phishing attacks are the most common vector
Criminals are mostly aiming to exploit human vulnerability and a lack of cybersecurity education. A common Franco-German report stresses, “beyond the exploitation of people’s fears and uncertainties, the lack of cybersecurity awareness of the victims is the key reason for particularly successful cybercriminal campaigns in 2020.”
Europol explains that “With regard to social engineering, in particular phishing, cybercriminals are now employing a more holistic strategy by demonstrating a high level of competency when exploiting tools, systems and vulnerabilities, assuming false identities and working in close cooperation with other cybercriminals.” The same report goes on to say that “the majority of social engineering and phishing attacks are successful due to inadequate security measures or insufficient awareness of users.”
The situation is no different on other continents. In Australia, phishing accounts for 30% of all cyber incidents, ranking first among all vectors, while in the Sub-Saharan Africa region it is reported that phishing and social engineering attacks are the top threat (67%).
Ransomware cases increase
Ransomware attacks are the “celebrities” of cybersecurity crimes because their impact makes headline news.
In Singapore, ransomware attacks rose 154% compared to 2019. In Canada, “researchers estimate that the average ransom demand increased by 33% since Q4 2019 to approximately $148,700 CAD in Q1 2020 due to the impact of targeted ransomware operations.” In South Africa, Kenya and Zimbabwe, ransomware attacks account for 50% of the reported cases.
As Europol comments, “Ransomware remains one of the, if not the, most dominant threats, especially for public and private organizations across the world. Ransomware has shown to pose a significant indirect threat to businesses and organisations, including in critical infrastructure, by targeting supply chains and third-party service providers.”
Increased concern about attacks targeting Operational Technology (OT) systems and critical infrastructure
In the words of the French ANSSI and German BSI, “The digitization of production processes underpinning the core activity of an entity, through the connection of operational technology (OT), will carry risks for the near future.” This trend constitutes an aggravated cyber risk for the near-term future, since OT systems typically have a long lifecycle, are expensive, and are not changed or upgraded on a regular basis. In addition, most of the OT systems currently in operation were installed at a time when IT security was not recognized as a vital factor for the operation of OT systems.
Europol further explains that “criminals have converted some traditional banking Trojans into more advanced modular malware to cover a broader scope of functionality. These evolved forms of modular malware are a top threat in the EU, especially as their adaptive and expandable nature makes them increasingly more complicated to combat effectively.”
The impact of attacks against critical infrastructure, such as manufacturing and energy, was evidenced in the high-profile attacks against Colonial Pipeline and JBS. The Canadian authority expresses the same concerns: “Since January 2019, at least seven ransomware variants have contained instructions to terminate ICS (the Canadian Incident Command System) processes. The impact of these attacks on the ICS varies according to the specific circumstances of the industrial process and the reaction of the site staff. In June 2020, a car manufacturer halted production at most of its North American plants, including one in Canada, ‘to ensure safety’ after very likely being hit by one of these ransomware variants.”
Other important findings
The reports also contain many other important findings that we will cover in upcoming articles. Some of these include:
- Business Email Compromise (BEC) is the costliest attack method.
- Online child sexual abuse material (CSAM) and SIM swapping attacks are a major concern.
- Privacy concerns are increasing since personal data is a key target of all attacks.
As our world becomes more digitized and dependent on emerging technologies, cyber risks and threats will also evolve. Organisations and societies need to invest in people, processes and technology to provide a safer future for everyone – children, families, employees, businesses, economies and countries.
Thales offers a diverse portfolio of cybersecurity solutions that can help safeguard our digital future. Get in touch with a specialist to learn how we can help you build a future you can trust.
Common Franco-German situation report: https://www.ssi.gouv.fr/uploads/2020/12/anssi-bsi-common_situational_picture_2020.pdf