8 Fastest-Growing Types Of Cybercrime To Guard Against

Here's a look at eight of the most threatening types of cybercrime from botnets to cryptojacking to ransomware identified by threat researchers and technical leaders at Kaspersky, Panda Security, and Symantec.

Cybercrime And Punishment

Cybercrime is causing unprecedented damage to both private and public enterprises, driving up information and cybersecurity budgets for commercial enterprises of all sizes as well as governments and educational institutions. In fact, cyberattacks are the fastest-growing crime in the United States, increasing every year in size, sophistication and cost.

By 2021, cybercrime is expected to be more profitable than the global trade of all major illegal drugs combined, costing the world $6 trillion annually, up from just $3 billion in 2015, according to Cybersecurity Ventures. This represents the greatest transfer of economic wealth in history, and puts the incentives associated with innovation and investment at risk.

From botnets and cryptojacking to business email compromise and ransomware, here's a deep dive for CRN's Cybersecurity Week 2019 into eight of the most threatening types of cybercrime threat researchers and technical experts at Kaspersky, Panda Security, and Symantec believe are on the horizon.

Accountant Targeting

Accountants are being phished heavily, often with fairly convincing schemes in which they receive an email message from what appears to be an individual at another organization with which they do business, according to Kurt Baumgartner, principal search researcher at Moscow-based Kaspersky.

But unbeknown to the victim, that email from a business partner with a link or email attachment asked for a transaction to be handled has actually been co-opted by an adversary, Baumgartner said. The malware contained within the link or attachment will typically inject itself into the browser, and then look for unsecured financial data, according to Baumgartner.

Targeting accountants gives adversaries quick access to financial data, and stolen credentials make it possible for threat actors to move money out of their accounts, Baumgartner said. In addition, Baumgartner said macros are used frequently in the accounting world for legitimate work, but end up providing a vehicle for delivering malware once they're in the wrong hands.

Business Email Compromise

The volume of business email compromise (BEC) exploits has grown by 50 percent between 2018 and 2019, resulting in a loss of $1.2 billion, according to Kevin Haley, director of Symantec Security Response for the Mountain View, Calif.-based company. BEC is a great entry-level crime that makes virtually all adversaries money regardless of how advanced or developed their skillset is, Haley said.

Instead of asking for money, Haley said threat actors will typically ask for gift cards during impersonation attacks since it's easier to convince someone from a social engineering standpoint to buy gift cards to reward employees than it is to convince them to send a check or wire transfer. Adversaries are then able to convert those gift cards directly into cash, according to Haley.

Hackers like to eventually take their communication with victims out of the email system and into text messaging to make it more difficult for spam or malware filtering technology to detect suspicious behavior, Haley said. In addition, the victim themselves has fewer hints or clues on a mobile device that something isn't right as compared with a similar conversation taking place via email from a client device.

Cryptojacking Of Mobile Devices

The cryptomining activity traditionally seen around servers and workstations in the corporate world has shifted to take advantage of the CPUs powering Android devices, according to Rui Lopes, head of sales engineering at Bilbao, Spain-based Panda Security.

By broadening their attack surface, adversaries can increase the amount of compute power they have access to, thereby increasing their profitability, according to Gianluca Busco-Arre, Panda Security's VP of sales and operations in North America. Cryptojacking a mobile device will almost certainly result in damage to the smartphone's battery and CPU, Busco-Arre said.

Businesses can safeguard against multi-vector cryptomining campaigns by having Windows, Mac, Linux, and Android accounts defended through the same management platform, Lopes said. A single platform allows enterprises to have more visibility across their entire ecosystem and better address the threat from a monitoring standpoint, according to Busco-Arre.


Formjacking refers to when adversaries have broken into outward-facing web servers and installed JavaScript or another type of virtual code to collect the credit card information inputted by users, said Symantec's Haley. This virtual code can sit on unprotected sites for months and is difficult to find since it's just a single line of code, Haley said.

Haley expects formjacking to expand beyond credit card numbers to include other information inputted by users onto websites that could be sold like social security numbers and phone numbers. The malicious code will often come through third-party software licensed by someone else like a chatbot, allowing the threat actor to go after all of the chatbot's customers at once, Haley said.

Even if the communication itself is encrypted using https, adversaries will still be able to collect the sensitive data via formjacking since they've connected into the victim organization's web server itself, Haley said. Formjacking started taking off in 2018 and has continued to grow this year since the attacks themselves don't require much sophistication and it's easy to monetize the stolen information, he said.

Internet of things - IOT via communication network service on mobile apps and smartphone and tablet technology for people in digital 4.0 lifestyle

Internet of things - IOT via communication network service on mobile apps and smartphone and tablet technology for people in digital 4.0 lifestyle

Mirai Botnet Against IoT Devices

IoT devices such as webcams, IP camera, and home and small business routers are often not designed with security in mind, which has attracted threat actors looking to take advantage of the immaturity of the space, said Kaspersky's Baumgartner. Many IoT devices aren't configured properly once installed or brought online and forgotten about, making them more vulnerable to attack, Baumgartner said.

Convenience and pluggability are top of mind for developers of IoT devices, meaning that commonly-known manufacturer passwords often aren't reconfigured when setting up a new router or smart lightbulb, Baumgartner said. Mirai botnets go through common credentials and try to brute force their way into smart devices, according to Baumgartner.

Mirai botnets first came online in 2016 and the original source code has been posted online, resulting in at least a dozen different variants now making their way through the internet, Baumgartner said. As a result, Baumgartner said businesses and municipalities using internet-enabled devices have been vulnerable to brute force attacks.

Remote Desktop Protocol

Adversaries are continuing to use remote desktop protocol as their foot in the door to get into the victim's system, and from there move laterally into the system they're most interested in exploiting, said Panda Security's Lopes. Old techniques are increasingly being fused together into more sophisticated attacks, capitalizing on improper or outdated patching to wreak havoc, Lopes said.

Remote desktop protocol is the key element in how threat actors get in, making it possible for them to either directly execute their code in remote systems or gain lateral access to other computers or endpoints in the network, Lopes said. Adversaries are then able to utilize the network for everything from mining cryptocurrency to more targeted attacks, according to Lopes.

Millions of people rely on remote desktop protocol to connect to machines for legitimate purposes, said Panda Security's Busco-Arre. For that reason, Busco-Arre said it's imperative to be able to regain control over the infrastructure if someone is using remote desktop protocol to mine cryptocurrency.

Social Engineering

Adversaries have gotten better at refining their phishing messages to increase the likelihood that an individual in the organization will open up the correspondence, according to Kaspersky's Baumgartner. Threat actors have spent more time refining their social engineering to ensure they're able to get through spam traps and other first-layer defenses, Baumgartner said.

Hackers have gotten more effective in the message they deliver to targets, for instance targeting financial controllers with emails from one of several banks the organization is using, Baumgartner said. And if adversaries are targeting the central controller, Baumgartner said they'll tailor the email to that location as well.

After swindling the organization with a phishing attack, Baumgartner said the hackers will often try and extort the victims by locking up their machines with ransomware exploits. Therefore, Baumgartner said a successful social engineering operation against an individual can snowball into broader problems for the business.

Targeted Ransomware Attacks

Overall ransomware activity has decreased at a steady clip since the adversaries were only able to ask individuals for $200 or $300 and often didn't end up getting paid, according to Symantec's Haley. But by instead using ransomware to cripple organizations, Haley said hackers realized they'd be able to demand a much larger payment.

Other groups beyond SamSam got involved last year in targeting businesses with ransomware, Haley said, resulting in campaigns where – for instance – many dentists found that not only their data, but also their backups were being held for ransom. Threat actors have also realized that targeting a company's supply chain with ransomware allows them to get a lot of bang for their buck, Haley said.

Adversaries look for weakness in the victim organization and are very patient once getting in, Haley said, mapping out the business and gathering credentials for as many machines as they can. And once they have enough machines, Haley said they roll out the ransomware and hit everyone at once.