Threat Intelligence

Top 9 cybercrime tactics, techniques and trends in 2020: A recap

Dan Virgillito
February 8, 2021 by
Dan Virgillito

2020 was a busy year for cybercriminals, with new opportunities brought on by the COVID-19 lockdowns and digital transformation initiatives. According to McAfee’s “The Hidden Costs of Cybercrime” report, losses from cybercriminal activity cost the globe more than $1 trillion last year. Attacks specifically aimed at exploiting the regulations around the pandemic increased drastically, but companies also experienced social engineering, ransomware and other types of cybercrime. 

What were the top cybercrime techniques and trends of 2020? As per the seventh annual Internet Organized Cyber Threat Assessment (IOCTA) report from Europol’s European Cybercrime Center, ransomware attacks were the top cyber threat for law enforcement agencies. Additionally, adversaries used techniques like business email compromise and cryptocurrency abuse to exploit their targets.

Here’s a recap of the top cybercrime techniques and trends that surfaced last year.

1. COVID-19 specific phishing

Cybercriminals took advantage of topical trends and fears in the wider marketplace to access sensitive details. When COVID-19 hit, the rise of phishing strategies specifically linked to the pandemic surged. Criminals began twisting existing forms of cybercrime to suit the narrative of the pandemic. In the UK, older people began receiving emails and phone calls offering them a vaccine for the ailment in exchange for information. 

Malicious individuals may use coronavirus-themed emails in a variety of ways to generate results. Common examples include health advice emails that ask customers to click on a link and workplace policy emails for remote employees.

2. Ransomware

Ransomware isn’t a new concept, but it remains the most dominant threat as criminals continue to increase pressure on companies that need to protect their reputation. Attacks are becoming increasingly more targeted, and it seems that no company is safe. Victims of 11 of the largest ransomware attacks spent over $144.2 million in response to the attack in 2020. 

In August of 2020, North American land developer and homebuilder Brookfield was hit by a cybercriminal group named Darkside, who demanded payment for data downloaded from the business about administration, finances, commercial insights, payroll, and more. With the personal details of 151,000 employees at risk, the business was forced to pay out to protect its staff’s privacy.

3. Business Email Compromise 

Business Email Compromise (BEC) attacks are continuing to rise as more people work digitally. As countless companies shift into the remote working environment, teams are spending more time in their email inboxes, dealing with information that they may not be used to seeing. A business email compromise attack could involve a criminal accessing a business email account to send money requests to a financial department. 

Alternatively, criminals could use the same spoofed accounts to request sensitive information or data that could later allow for a ransomware attack.

4. Distributed Denial-of-Service attacks

Though the number of DDoS attacks, in general, has begun to decline, some individual attacks continued to make headlines in 2020. DDoS attacks prevent employees and business leaders from accessing the tools they need to operate, from email addresses to websites. 

In 2020, the Amazon Web Services DDoS attack was potentially the largest in the industry. The company was hit by a giant attack in February, using rapid-fire technology to overwhelm a set of cloud servers. The attack lasted for three days in total and peaked at a level of around 2.3 terabytes per second, causing massive disruption to the cloud solution. 

5. DeFi cryptocurrency hack

DeFi attacks exploded in volume during 2020. According to the most recent reports, there were around 15 hacks of DeFi (cryptocurrency) platforms last year, which amounted to around $120 million in stolen funds. Cryptocurrencies hold particular appeal for cybercriminals as they allow for anonymous payments on various platforms.

The DeFi attack that generated the worst outcomes was the attack, which cost around $25 million in lost funding. A re-entrancy vector allowed the adversaries to interact with token contracts as though they had much collateral and steal the platform's assets.

6. Credential stuffing

Credential stuffing is another common example of a cybersecurity threat that continued to grow during 2020. This cyberattack tactic involves testing millions of email and password combinations on different sites, hoping that the details that work for one website may work for another. 

The pandemic-driven movement to more digital platforms sparked a massive rise in digital fraud activities. Since many of today’s remote working employees reuse passwords on multiple platforms, the opportunity to steal business credentials is enormous. Last year, video-conferencing company Zoom fell victim to this attack, with 500,000 usernames and passwords distributed on the dark web. 

7. Smishing attacks

Smishing is a relatively new concept in the cybercrime landscape, but it’s one that’s gaining attention fast. The tactic involves sending fraudulent text messages to customers, often emulating banks or other official companies to get personal details. Similar to phishing, smishing executors hope that the act of sending a text will generate less suspicion in customers, leading to more successful attacks.

Customers don’t have the same skepticism about text messages as they do for email messages yet. Additionally, it’s often difficult for banks to protect customers against smishing attacks because many criminals abuse the alpha tag SMS thread and signaling vulnerabilities.

8. Modular malware

Most companies have already heard of malware, and they work hard to protect themselves from it with various forms of cyber protection. However, law enforcement agencies in 2020 became increasingly concerned about the extent to which crime gangs would combine modular segments of malicious code to form bigger attacks. 

Criminals appeared to be working together more frequently in 2020. There was a lot of subcontracting and cooperation among threat actors, which led to an increase in opportunity for thieves. If criminals continue to work together in the years ahead, it may become increasingly difficult to fight back. 

9. Shoulder surfing

Now that employees are spending more time outside of the office, they’re becoming increasingly comfortable with using their workplace credentials on various devices. This could mean that aside from logging into platforms in their home office, employees are also dealing with work requests on their smartphones when they’re out shopping or logging into tablets from coffee shops and shared spaces. 

A rise in “anywhere” work could open the door for more vulnerable employees who forget to protect themselves against the people that could easily be looking over their shoulders. Shoulder-surfing may be a low-tech form of cybercrime, but it’s still a dangerous one, and hackers can even carry it out over videoconferencing.

Hands-on threat intel training

Hands-on threat intel training

Learn how to collect, analyze and act on cyber threat intelligence with expert instruction and hands-on exercises in Infosec Skills.


2020 is finally over, but the criminals that emerged throughout the year are still going strong. The cybercrime trends and techniques that emerged last year will influence the security issues that we continue to face in the years ahead. Now’s the time for all organizations to reconsider their security strategy and ensure that they have solutions to stay ahead of the curve.


Dan Virgillito
Dan Virgillito

Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news.