Cyber criminals are a crafty bunch which makes the fight against them rather difficult.
One of the best tools to help protect you and your business from cybercrime is information. What should you be looking out for? What are the biggest threats?
In a bid to answer those questions and more we’ll be taking a look at Europol’s 2018 Internet Organised Crime Threat Assessment (IOCTA).
“The IOCTA has been and continues to be a flagship strategic product for Europol. It provides a unique law enforcement focused assessment of the emerging threats and key developments in the field of cybercrime over the last year. This is of course only possible thanks to the invaluable contributions from European law enforcement and the ongoing support we receive from our partners in private industry, the financial sector and academia,” writes Europol executive director Catherine De Bolle.
So then, what does the long arm of the law consider some of the biggest threats to internet denizens today?
Ransomware is still a massive threat
The NotPetya and WannaCry attacks last year brought ransomware to the attention of the world.
Collectively these two strains of malware affected 300 000 victims worldwide and WannaCry is estimated to have cost global economies as much as $4 billion.
Europol says that cybercriminals will continue to use ransomware but attacks will shift from a scattershot approach to more targeted attacks, at least in Europe.
“As we have seen with other cyberattacks, as criminals become more adept and the tools more sophisticated yet easier to obtain, fewer attacks are directed towards citizens and more towards small businesses and larger targets, where greater potential profits lie,” says Europol in its report.
The mention of tools is important here because some organisations offer ransomware-as-a-service tools. This allows criminals to reap the profits of ransomware without the effort of creating it.
DDoS attacks will increase
Distributed denial of service (DDoS) attacks are on the rise with 65 percent of EU law enforcers reporting they have seen attacks of this kind.
Like ransomware, DDoS attacks are easy to pull off because there are so many tool available that let folks launch attacks with minimal effort.
The motive behind DDoS attacks depends on the attacker. Europol says that DDoS attacks that focus on extortion are generally committed by “competent cybercriminals” while attacks which have a political or malicious agenda are committed by younger, less sophisticated attackers.
What does the future hold?
Looking to the future Europol sees drive-by cryptomining (referred to simply as cryptomining by the organisation) as the next big threat.
“Despite the revenues generated by ransomware, there are some predictions that cryptominers may overtake ransomware as money generators. Such attacks are infinitely more appealing to cybercriminals wishing to keep a low profile, requiring little or no victim engagement and, at least currently, minimal law enforcement attention,” says Europol.
Mobile malware is also on the rise as users shift from PCs to smartphones to do their banking. Europol does say that the growth of mobile malware depends largely on this shift from users.
The exhaustive report can be found here and if you’re an IT decision maker we urge you to take some time out this long weekend to pour over it and consider how best to protect against cybercriminals.
[Image – CC BY SA Buster Benson]