The German Federal Criminal Police Office has published the National Situation Reports on Cybercrime 2020. How the cybercrime sector is developing, which companies and institutions are most at risk and what is meant by cybercrime-as-a-service – we take a closer look at the data.
Based on the police crime statistics, the German Federal Criminal Police Office presents the latest developments in cybercrime every year. We’ve worked through all the numbers and statistics in the National Reports on Cybercrime (2020 only available in German, older versions in English are available here) and present our top 5 findings.
1. Corona makes the situation worse
Cybercrime cases are up 7.9% compared to 2019. This is mainly due to Corona-related changes: the rapid digitalization of almost all areas of life, remote working in the home office, messenger services and online shopping provide cybercriminals with more and more attack surfaces. For example, brute force attacks on poorly protected remote desktop protocols (RDP) are a common gateway to the actual target systems.
The sad realization is that criminals know how to exploit emergency situations. And the number of unreported cases is probably even higher: on the one hand, many attacks fail, or victims are not even aware that they have been successfully attacked. On the other hand, many companies are afraid of the resulting damage to their image and would rather pay ransom demands in the millions than go to the police – and so criminals can continue to operate successfully.
2. The biggest threats continue to be ransomware, phishing, DDoS & co.
The basic techniques have not changed much in recent years. The most common types of attack continue to be mail spam and phishing, malware and especially ransomware, and DDos attacks. To obtain digital identities, hackers still use spam mail campaigns or phishing attempts initially. In addition, malware and ransomware programs such as Emotet and Trickbot are also frequently distributed via email. The most harmless of these are adware such as Silver Sparrow, which repeatedly displays unwanted advertising content. The most dangerous, especially for critical infrastructures, are ransomware attacks such as Doppelpaymer or Ryuk, which encrypt entire systems and can only be cracked through a key bought by a large ransom. Often, sensitive data is also stolen in the process and then sold on platforms in the darknet.
3. Booked on the darknet: Cybercrime-as-a-Service
Hackers are also learning, and analysis by the Federal Criminal Police Office shows that the quality of attacks continues to rise. Book the cyber-attack on the net? That’s possible and becoming more and more common. Professional and organized cybercriminals offer their services on the darknet. The offers start with a few cents for spam mails and can run into the tens of thousands for sophisticated Trojans. This underground economy is currently booming and gaining more and more relevance. This also creates space for criminals who previously lacked the technical skills and are now just buying them.
4. Big game hunting – large and important companies are more at risk
It is also apparent that criminals are increasingly targeting specific victims. They are focusing on the “big game”, i.e. large companies and public institutions. Last year, the healthcare system and companies in the healthcare sector (specifically vaccine developers) were particularly targeted by hackers, as they are especially systemically relevant and ransomware demands could be more successful accordingly. One example of this is the attack on the University Hospital in Düsseldorf, due to which patients had to be distributed to surrounding hospitals and over 100,000 patient records were stolen. Comprehensive and area-wide protection of critical institutions is therefore essential today and in the future.
5. Effective protection against cybercrime – what can you do?
The most important thing is to create awareness for IT security in your company, because the “human factor” is still one of the greatest dangers. Insecure IT systems are the next hurdle. These include, for example, databases that are not secured or are incorrectly configured, vulnerabilities such as remote access, or a lack of IT security programs and protective measures. Regular evaluation of all protection systems, updating existing security software and regular training of personnel should be part of the daily routine of all companies.
Here’s how you can protect your business with good password hygiene.