Skip to content

Trends in Cybercrime at the Beginning of 2021

The beginning of 2021 has brought some interesting developments in cybercrime. During the monitored period, there was an increase in the number of spam-based attacks, which even surpassed last year’s Christmas — usually the most active time of the year. There has been an interesting correlation between the rapid Bitcoin surge and the intensified activities of coin miners. We have also seen an extreme deviation from the norm concerning phishing attacks.Since the beginning of the year, Whalebone has protected users from more than 903,098,489 cyberthreats. Our monthly analysis pointed to a rapid rise in the number of attacks from the 17th of January (2,619,715 queries) until the 12th of February, when Whalebone blocked 23,085,388 attacks. Even though there was a slight decrease in cyber-attacks afterward, the daily average of 13,885,732 blockings was more than four times higher than the number of incidents at the beginning of the monitored period.

Distribution of Threats

Whalebone protects internet users from a wide range of cyberthreats. The predominant type of incident is malware — not only when it comes to the individual operations of malware, but also in terms of malware functioning over long periods of time by communicating with its command server (see C&C in the table below).Distribution of different types of blocked requests (from 01/17/2021 until 02/17/2021):

  • malware – 233,234,895; 49.16%
  • C&C – 225,668,192; 47.57%
  • phishing – 3,910,701; 0.82%
  • spam – 773,672; 0.16%
  • coinminer – 8,651,682; 1.82%
  • blacklist – 2,036,021; 0.42%

Significant Trends

Apart from the overall rise in blocked incidents, there were interesting developments in individual categories.CryptominersThe increased activity of coin miners likely corresponds to the development of cryptocurrency rates, especially Bitcoin. After a volatile January — when Bitcoin rose from USD 30k to 40k only to drop back to 30k before the end of the month — February came and BTC started rising again. Only from the 1st of February to the 6th, its value rose from USD 33,613 to USD 40,302. On February 9th, it was already worth USD 48,226.The increased activity of coin miners is rather clear from the 5th of February. In comparison with the beginning of the year, the daily average of blocked attempts rose by more than 1,960%.PhishingApart from the 26th of January, there was no extraordinary activity recorded concerning phishing. But on this day, Whalebone blocked 417,979 attempts to enter phishing domains, which is 13.38% more than the average at the beginning of the year.Spam (Updated 02/22/2021)During the monitored period, there was very little deviation from the standard when it comes to spam. After the data analysis was finished, however, an interesting turn of events occurred.From the 17th of February, the number of spam incidents rose by approximately 91,000 per day. On the 22nd of February, spamming was already above the daily average by 32.65%. The absolute amount of spam even exceeded the Christmas period, which is more often than not the typical peak for spam activities. Last Christmas, Whalebone blocked 111,894 spam-related threats every day.The high success rate of blocked cyberthreats is due to the specific Whalebone solution, which is far from simply relying on static blacklists of harmful domains. A sophisticated real-time analysis of network traffic ensures that Whalebone blocks all dangerous threats. One of the biggest advantages of such a solution is that it can identify different patterns typical for various attacks, which enables Whalebone to detect zero-day threats, way before other solutions can possibly react.