Here are the biggest cybercrime trends of 2019

A photo illustration shows a USB device being plugged into a laptop computer in Berlin July 31, 2014. USB devices such as mice, keyboards and thumb-drives can be used to hack into personal computers in a potential new class of attacks that evade all known security protections, German crypto specialist and chief scientist with Berlin's SR Labs Karsten Nohl revealed on Thursday.   REUTERS/Thomas Peter (GERMANY - Tags: CRIME SCIENCE TECHNOLOGY) - GM1EA7V1EW901

Hackers target computers, smartphones and network attached storage (NAS) devices Image: REUTERS/Thomas Peter

Einaras von Gravrock
Founder, Cujo LLC
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Internet of Things is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:


Cybercriminals are using more advanced and scalable tools to breach user privacy, and they are getting results. Two billion data records were compromised in 2017, and more than 4.5 billion records were breached in the first half of 2018 alone.

Here are the most pressing cybersecurity issues in 2019, as well as rising trends into 2020.

Advanced phishing kits

Four new malware samples are created every second. Phishing remains one of the most successful attack vectors due to its speed, as most phishing sites stay online for just four to five hours. Users only report 17% of phishing attacks, and it is seen as a low-risk type of activity. As a result, today only 65% of all URLs are considered trustworthy. This puts a strain on both the consumer and any enterprise with an online presence.

We predict that 2020 will be known for advanced phishing attacks, due to the number of new phishing kits available on the dark web. These kits enable people with only basic technical knowledge to run their own phishing attacks. With more tools available, phishing will become an even more dangerous attack method.

Remote access attacks

Remote attacks are growing in number, as well as becoming more sophisticated. One of the main types of remote access attack in 2018 was cryptojacking, which targeted cryptocurrency owners. Another popular type of attack threatened perimeter devices.

According to our threat intelligence database, remote access attacks are among the most common attack vectors in a connected home. Hackers target computers, smartphones, internet protocol (IP) cameras and network attached storage (NAS) devices, since these tools usually need to have ports open and forwarded to external networks or the internet.

Attacks via smartphones

One of the most common attack vectors to smartphones are related to unsafe browsing (phishing, spear phishing, malware). More than 60% of fraud online is accomplished through mobile platforms, according to RSA, and 80% of mobile fraud is achieved through mobile apps instead of mobile web browsers.

As most people use their phones to manage financial operations or handle sensitive data outside the security of their home network, this becomes a prominent threat. The fact that users typically hold all their information on their phone, and that smartphones are now used for two-factor authentication - one of the most widely used cybersecurity tools - increases the security risk if the device is lost or stolen.

Have you read?
Vulnerabilities in home automation and the Internet of Things

The consumer Internet of Things (IoT) industry is expected to grow to more than seven billion devices by the end of 2020, according to Gartner. Many consumers do not see IoT devices as a vulnerability, because a significant portion of them do not have a user interface. This could lead to issues understanding what kind of data the device collects or manages.

However, IoT devices are not only collecting valuable user data. They could become an entry point for an attacker or tool to launch a distributed denial-of-service (DDoS) attack. IoT devices are not secure by design, because putting a focus on security would significantly increase manufacturing and maintenance expenses.

According to CUJO AI threat intelligence data, 46% of all attack types that these devices experience are remote access attempts and 39% are used for detecting behavioural patterns. With the exponential growth of connected devices at home, these threats are likely to increase.

Utilizing artificial intelligence

Most of the biggest industries already use machine learning (ML) and artificial intelligence (AI) to automate their processes and improve overall performance. Cybersecurity and cybercrime are no exception.

AI is often considered to be a dual-use technology - while more cybersecurity companies are implementing AI-driven algorithms to prevent threats, hackers are also taking the opportunity to become more effective.

The majority of AI qualities serve malicious purposes. AI systems are cheap, scalable, automated, anonymous and they provide physical and psychological distance for the attacker, diminishing the immediate morality around cybercrime.

- Artificial intelligence for cybersecurity evasion. Cybercriminals are using various evasion methods to avoid detection, and AI helps to optimize different elements of this process.

- Artificial intelligence in phishing. AI could help to create content that can pass through typical cybersecurity filters, such as email messages that are indistinguishable from those written by humans.

- Artificial intelligence in social engineering. While social engineering is one of the most popular hacking techniques, it takes a lot of time to implement properly. AI could help in not only collecting information, but also by writing emails or calling potential victims.

With new advances in AI-driven technology, utilizing AI in cyber attacks will become an even more popular and dangerous trend.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Related topics:
CybersecurityEmerging Technologies
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

US-led operation takes down global botnet, and other cybersecurity news to know this month

Akshay Joshi

June 14, 2024

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum