Click here for your FREE ISO 27001 Information Security Management System Gap Analysis Checklist.
While the number of attacks might be dropping in some cases, the sophistication and severity of these attacks are increasing exponentially.
Europe’s law enforcement agency, Europol, has released a report showing that malware and ransomware attacks on individuals and organisations alike are becoming “more targeted, more profitable and cause greater economic damage.”
The report - which can be accessed here - called the Internet Organized Crime Threat Assessment (IOCTA) is a 63-page overview of the state of cybersecurity globally, through the eyes of one of the most reputable policing agencies in the world. Authors warn that in the wake of wide scale ransomware attacks like the NotPetya and WannaCry cyber attacks, malware represents a “relatively easy income” stream for cybercriminals; more stable than financial trojan horses.
Amongst a raft of challenges for Europol, the agency says that distributed denial-of-service attacks (DDos), distribution of child pornography, abuses of cryptocurrencies and encrypted messaging systems are the biggest aspects commonly deployed by cyber criminals to crack down on.
Phillipp Amann, head of strategy at the European Cybercrime CEntre (EC3) told the audience attending the Europol-Interpol cybercrime conference that ransomware was no longer fixated on targeting individuals. Rather, there has been a noticeable trend for cybercriminals gravitating towards Europe’s public and private sectors, instead. Those in enterprise remain at risk due to the fee a hacker can command for holding an organisation’s data for ransom.
Europol noted that public awareness campaigns like the No More Ransom project and internal training could be responsible for the number of ransomware infections falling.
However, as Charlie Osborne notes in her report, “the threat of sabotage and the permanent loss or erasure of company data are other factors keeping executives up at night,” and that businesses remain at risk as, despite the increased labor and potential need for spear-phishing, in the words of Philipp Amann, “attackers are able to pitch the ransom for decrypting the victim’s files based on the victim’s perceived ability to pay.”
Reports have also noted that the average ransom cybercriminals are asking victims to pay has increased by 184% in the second quarter of 2019 to a total of $36,295 over $12,762 in the first quarter of 2019.
On a lighter note, Amann noted that positive changes noted in this year’s report are the fragmentation of the dark web’s online markets. “I think it’s fair to say we are partially responsible for that, but I wouldn’t see this as a negative thing,” he said.
“The whole environment is in flux and there is a high level of distrust so criminals in that space are trying to find new ways to do their business,” Amann concluded.