Spam and phishing attacks soared in 2021 as cyber criminals lured users by focusing on topics related to lucrative investments, online streaming of box-office hits including the James Bond film No Time to Die, and themes related to the pandemic, the latest annual report by Kaspersky found.
Cyber attack risks have risen sharply with fraudsters moonlighting as reputable individuals and entities, in line with the increased adoption of digitisation, the Moscow-based cyber security firm said.
“The equation here is very simple: the more things are connected to the internet, the bigger the opportunity for exploitation, and larger the attack surface,” Amir Kanaan, managing director for the Middle East, Turkey and Africa at Kaspersky, told The National.
“As we continue to push the boundaries of what technology can do, cyber security should always be a top priority for innovators and remain at the forefront of any new technology. However, most of the time, it is overlooked.”
The average financial impact of a ransomware attack in the Middle East, Turkey and Africa region reached about $882,000 in 2021, Mr Kanaan said.
Spam emails are unsolicited messages sent in bulk that potentially carry malicious content, while phishing involves fake emails appearing to come from a reputable source with the aim of securing personal information, such as passwords and credit card numbers.
The proportion of spam emails in global traffic averaged 45.6 per cent in 2021, peaking at 48 per cent in June. While this is down from the 50.4 per cent average in 2020, it remains significant.
The majority of spam emails in 2021 came from Russia (24.77 per cent), followed by Germany (14.12 per cent), the US (10.46 per cent), China (8.73 per cent) and the Netherlands (4.75 per cent), according to Kaspersky. Rates in all countries rose, except for the US, which remained flat.
In 2021, more than 148 million malicious email attachments were blocked by Kaspersky technology, down from 184 million in 2020. October recorded the most attacks blocked, accounting for about 10 per cent, or 15 million, of the 2021 total.
Here are the top three strategies cyber criminals used in 2021 to trick internet users into giving up their information:
Investments with no returns
With interest in investing gaining ground in 2021, cyber criminals took the opportunity to defraud vulnerable users and steal money, most notably by posing as popular companies or business figures.
In Russia, for instance, scammers disguised themselves as Tesla chief executive Elon Musk and energy major Gazprom Neft to attract attention and gain the trust of people for their “investment projects”. In some cases, they would invite a “customer” to a consultation with a “specialist” in an attempt to establish their legitimacy.
The outcome was the same: the investor would receive nothing in return for handing over their money to the scammers.
Streaming the wrong series
With pandemic restrictions easing in 2021, the entertainment industry made a big comeback, with movie studios — and cyber criminals — aiming to cash in on popular films.
Fraudsters lured users by pretending to stream some of the year's biggest box office releases and sporting events.
They used different strategies to win victims' trust, such as using official advertisements and providing a synopsis of the film on an illicit website, Kaspersky said.
In September, Kaspersky reported that hackers exploited the buzz around the James Bond film No Time to Die by running malicious ads, pop-ups and movie-related phishing websites that promised free access to the movie.
In December, it also sounded an alarm during the hype surrounding the release of Marvel's Spider-Man: No Way Home, warning that cyber criminals were using the same tactic to spread malware and steal credit card information.
“Widely discussed topics such as money, movie premières and worldwide happenings, like the pandemic, have always been 'bread and butter' for scammers. We keep seeing it return from year to year,” Tatyana Sherbakova, a security expert at Kaspersky, said in the report.
Talking about the virus
Cyber criminals did their best to take advantage of the pandemic and continued sending messages about compensation and subsidies related to easing the burden of the global economic slowdown.
managing director for the Middle East, Turkey and Africa at Kaspersky
Emails used references to laws and the names of government organisations to make them look more convincing. To receive compensation, cyber criminals asked recipients to pay a small commission fee to cover the cost of the transfer, which meant providing bank card details, which the scammers would then acquire.
The sale of fake Covid-19 vaccination passes and QR codes was also another source of income for cyber criminals, highlighting how quickly they could produce forged documents. Buyers were required to reveal sensitive personal information to “dealers” of the certificates to make the transaction.
“These scams prove to be very efficient as people continue to trust too much of what they see in their in boxes and browsers,” Ms Sherbakova said.
