Cyber awareness trends

No matter the size or industry, cybercrime can affect any organization. Attackers are constantly evolving their attacks. In their attacks, they use topical issues such as the Corona vaccination campaign or the upcoming federal elections – and deliberately focus on the human factor. Based on the Human Risk Review’s findings, we explain what trends in cyber attacks you can expected in 2021 and how you can best protect your organization.

Hacker trend 1: Current topics = new attacks

2020 was a challenging year. The COVID-19 pandemic permanently changed our daily and professional lives. While most people were busy adjusting to the new situation, hackers were quick to react. As the growing number of phishing emails demonstrates, social uncertainty creates the perfect opportunity for cyberattacks. According to the European Union Agency for Cyber Security (ENISA)phishing attacks increased by more than 600 percent during the first lockdown in Europe. In addition, the Human Risk Review shows that, with the move to homeoffice and the introduction of new collaboration tools, employees have become more vulnerable to phishing attacks.

Home office, vaccination dates and federal elections lure cybercriminals

Various cyberattacks are also expected in the coming months: According to Deutsche Welle, Hackers could even influence this year’s federal election in Germany. Vaccination schedules and loosening of the Corona regulations also provide plenty of scenarios for new attacks. For instance, victims could be tricked by phishing mails with fake vaccination appointments. The intention is to lure victims into downloading malicious attachments with vaccination appointments or to disclose personal data on a fake website to book an appointment.

Hacker trend 2: Social engineering: It never rains but it pours

A growing number of cybercriminals manipulate their victims with psychological tricks or so-called social engineering. Attackers exploit a variety of emotions, such as stress or helpfulness. The Human Risk Review 2021 shows: Close to a third of all people will click on a phishing email if the email feigns a trusting relationship or praise. As the top 5 most clicked subject lines from 2020 show, the combination of curiosity and current affairs is particularly successful:

Top subject lines phishing emails
Top 5 phishing mail subject lines

In the future, in addition to classic phishing emails, attackers will increasingly use artificial intelligence (AI), which is why we can expect social engineering attacks that are even harder to detect. Voice phishing, so-called vishing, is one trick used by attackers: In this case, cybercriminals use an artificialy generated voice, which sounds like the voice of a superior, to gain access to passwords or data. This is what happened at a British energy provider: an employee was called by what appeared to be the CEO of the German parent company and asked to transfer money to a Hungarian bank account. As a result, the criminal was able to steal 220,000 euros.

Hacker trend 3: Trojans as a proven all-purpose weapon

They are still considered the most dangerous form of malicious software and account for 55 per cent of known malware: Trojans. It is particularly difficult for organisations and authorities to defend themselves against this complex all-purpose weapon. Because with their polymorphic design, Trojans repeatedly circumvent technical filters. If employees are not sensitised, they become a gateway for criminals – with drastic consequences.

This is also demonstrated by one of the more recent examples, Egregor. With this ransomware, cyber criminals use the so-called “double extortion” technique. This means that the criminals not only steal sensitive data from organisations, but also threaten to publish it on the internet in order to extort high ransoms from organisations and those affected. In such cases, apart from the financial loss, it is above all your organisation’s reputation that suffers.

At the beginning of 2021, the German Federal Criminal Police Office (BKA), in cooperation with Europol, succeeded in destroying “Emotet”, one of the most dangerous malwares in recent years. However, the success is by no means lasting, as cybercriminals will continue to drive IT managers to despair with new variants – and make organisations pay.

Protect yourself with interactive awareness training

The trends revealed by the Human Risk Review show: Hackers will always come up with new methods to trick their victims. One-off security training sessions are therefore not enough. With regular awareness training and simulated phishing emails, you can sustainably reduce the risk of your organization becoming the victim of a costly and image-damaging cyberattack.

With the awareness platform of SoSafe, employees can be sensitized to cyber and data protection in an interactive, time-efficient and sustainable way. By means of short, industry-specific learning units and gamification elements, employees learn in an entertaining way which cyber attacks they should expect. SoSafe also carries out the simulations automatically – meaning no additional internal resources are required. Awareness can be this simple.

Request a free copy now!

About SoSafe

The SoSafe Awareness Platform sensitizes and trains employees in dealing with the topics of cyber security and data protection. Regular phishing simulations and interactive e-learnings teach employees in an effective and sustainable way what to pay special attention to when, for example, using emails, passwords or social media. The employer receives anonymous but differentiated reporting and can so make awareness building measurable – completely in compliance with GDPR.