Cyber-criminals will likely shift their focus from personal data collection to phishing and ransomware in 2021, according to the Identity Theft Resource Center (ITRC). Rather than targeting large companies and attempting to breach their networks to steal sensitive data, likely to sell on dark web forums, threat actors will increasingly perform phishing and ransomware attacks. The ITRC reports that cybercriminals’ tactics are already exhibiting a shift from relying on stolen personal information to gain access to a network and are targeting poor consumer behaviors, such as reusing passwords, instead.
Ransomware and BEC attacks are mostly automated and require less effort. Detection is also less likely and the payouts are much higher than merely taking over one individual’s account. In ransomware, demands have been increasing at a dramatic rate as the average ransomware payout grew from less than $10,000 in Q3 2018 to $179,000 by the end of Q2 2020. BEC scams also cost businesses more than $1.8 billion in 2019, according to ITRC.