- Home >
- Services >
- Access to Knowledge >
- Trend Monitor >
- Domain of Application >
- Trend snippet: Phishing and ransomeware campaigns are being launched to exploit the current crisis and are expected to continue to increase in scope and scale
Trends in Security Information
The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.
In order to identify safety and security related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of the topic, the filters can be used to further select the most relevant content for you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.
visible on larger screens only
Please expand your browser window.
Or enjoy this interactive application on your desktop or laptop.
Phishing and ransomeware campaigns are being launched to exploit the current crisis and are expected to continue to increase in scope and scale
- Slight increase of distributed denial-of-service (DDos) attacks following the outbreak of COVID-19.
- Initial spike in domains registered related to the words 'corona' and 'COVID', however, current figures indicate that this has stabilised. (Registered domain names form the backbone for many criminal operations).
Outlook for the future:
- The pandemic may multiply the damaging impact of a successful attack against certain institutions, which reinforces the necessity for effective cyber resilience.
- The number of phishing attempts exploiting the crisis is expected to continue to increase. However, we also expect a greater number of inexperienced cybercriminals to deploy ransomware-as-a-service.
RANSOMWARE
Ransomware is a type of malicious software criminals use to take files on a device hostage by encrypting the data and subsequently refusing access to them. To regain access to the files, the victim needs to pay the criminal a ransom. Generally, perpetrators request such a payment in the form of bitcoin or some other virtual currency. The primary focus therefore is on financial gain.
In recent years, criminals have focused their attacks on organisations. As many organisations
suffer disruption to business when they cannot access their files, criminals have a relatively high
likelihood of receiving the payment. Normally, criminals focus their attacks on high-value data or assets within organisations that are especially sensitive to downtime—so the motivation to pay a ransom is consequently very high. Hospitals are such an example, since downtime for a hospital could potentially lead to loss of life. Other examples include government agencies, universities and organisations within the manufacturing sector.
Ransomware is also offered on the dark web as a ransomware-as-a-service product. During the COVID-19 pandemic, most reports to Europol has related to previously known ransomware families, which suggests the involvement of established criminals continuing their business. However, new ransomware families have also continued to frequently appear during the pandemic.
To carry out a ransomware attack, criminals need to gain access to the system of their victim. This can be achieved through social engineering techniques such as phishing attacks. When the victim clicks on a link or opens a malicious email, the perpetrator can execute their strategy by infecting the device.
How has the COVID-19 pandemic changed the way criminals use ransomware?
The types of criminals exploiting the COVID-19 pandemic online were also active in the area of
cybercrime before. However, some are believed to have intensified their activities and are actively
recruiting collaborators to maximise the impact of their attacks or schemes.
The period between the initial infection with ransomware and the activation of the ransomware attack is shorter. Criminals do not wait for the ideal moment to launch the attack but try as soon as possible.
DISTRIBUTED DENIAL-OF-SERVICE
Only a slight increase in the number of distributed denial-of-service (DDoS) attacks has been observed following the outbreak of the COVID-19 pandemic. However, it is expected that will be
an increase in the number of DDoS campaigns in the short to medium term. Due to a significant increase in the number of people working remotely from home, bandwidth has been pushed to
the limit, which allows perpetrators to run ‘extortion campaigns’ against organisations and critical services and functions. DDoS is an accessible type of crime with limited barriers to entry because it is cheap and readily available.
MALICIOUS DOMAIN NAME REGISTRATION
Following an initial spike in the domains registered related to the words ‘corona’ and ‘COVID’, the
current figures indicate that this appears to have stabilised. These registered domain names form the
backbone for many criminal operations.
OUTLOOK
Ransomware has been the most dominant cybercrime threat over the last several years. The current crisis is unlikely to change that dynamic. The pandemic may multiply the damaging impact of a successful attack against certain institutions, which reinforces the necessity for effective cyber- resilience. The number of phishing attempts exploiting the crisis is expected to continue to increase. However, we also expect a greater number of inexperienced cybercriminals to deploy ransomware-as-a-service. Not all of these campaigns will result in successful attacks due to the lack of experience and technical skills of the criminals.