WannaCry has taken global cyber threat to another level
“The global impact of huge cyber security events such as the WannaCry ransomware epidemic has taken the threat from cybercrime to another level,” says Europol’s Executive Director Rob Wainwright.
“Banks and other major businesses are now targeted on a scale not seen before and, while Europol and its partners in policing and Industry have enjoyed success in disrupting major criminal syndicates operating online, the collective response is still not good enough. In particular people and companies everywhere must do more to better protect themselves,” he pointed out.
The 2017 Internet Organised Crime Threat Assessment presents an in-depth assessment of the key developments, changes and emerging threats in cybercrime over the last year.
- Ransomware has eclipsed most other cyber-threats with global campaigns indiscriminately affecting victims across multiple industries in both the public and private sectors. Some attacks have targeted and affected critical national infrastructures at levels that could endanger lives. These attacks have highlighted how connectivity, poor digital hygiene standards and security practices can allow such a threat to quickly spread and expand the attack vector.
- The first serious attacks by botnets using infected insecure Internet of Things (IoT) devices occurred.
- Data breaches continue to result in the disclosure of vast amounts of data, with over 2 billion records related to EU citizens reportedly leaked over a 12-month period, often facilitated by poor digital hygiene and practices.
- The Darknet remains a key cross-cutting enabler for a variety of crime areas. It provides access to, among other things: the supply of drugs such as Fentanyl and new psychoactive substances which internationally have directly led to many fatalities; the supply of firearms that have been used in terrorist acts; compromised payment data to commit various types of payment fraud; and fraudulent documents to facilitate fraud, trafficking in human beings and illegal immigration.
- Offenders continue to abuse the Darknet and other online platforms to share and distribute child sexual abuse material, and to engage with potential victims, often seeking to coerce or sexually extort vulnerable minors.
- Payment fraud affects almost all industries, having the greatest impact on the retail, airline and accommodation sectors. Several sectors are targeted by these fraudsters as the services they provide can be used for the facilitation of other crimes, including trafficking in human beings or drugs, and illegal immigration.
- Direct attacks on bank networks to manipulate card balances, take control of ATMs or directly transfer funds, known as payment process compromise, represent one of the serious emerging threats in this area.
Despite the growing threats and challenges for law enforcement, last year did see some tremendous operational successes, for example the takedown of two of the largest Darknet markets, AlphaBay and Hansa, the dismantling of the Avalanche network, and two successful Global Airport Action Days targeting those travelling on fraudulently-purchased airline tickets.
The IOCTA seeks to make recommendations for law enforcement, policy makers and regulators to allow them to act and plan accordingly, and respond to cybercrime in an effective and concerted manner.
- Law enforcement must continue to focus on the actors developing and providing the cybercrime attack tools and services responsible for ransomware, banking Trojans and other malware, and suppliers of DDoS attack tools, counter-anti-virus services and botnets.
- The international law enforcement community must continue to build trusted relationships with public and private partners, CERT communities, etc., so that it is adequately prepared to provide a fast and coordinated response in case of a global cyber-attack.
- Company employees and the general public need to be educated to recognise and respond accordingly to changing criminal tactics like social engineering and spam botnets. EU Member States should continue to support and expand their engagement with Europol in the development of pan-European prevention and awareness campaigns.
- While investigating online child sexual exploitation, EU Member States should ensure sufficient investigative tools and resources to fight this crime. Joint high-quality and multilingual EU-wide prevention and awareness activity needs to be maintained.
- Law enforcement needs to develop a globally coordinated strategic overview of the threat presented by the Darknet. Such analysis would allow for future coordination of global action to destabilise and close down criminal marketplaces. It is also essential that investigators responsible for all crime areas represented on Darknet markets have the knowledge, expertise and tools required to effectively investigate and act in this environment.
- The growing threat of cybercrime requires dedicated legislation that enables law enforcement presence and action in an online environment. The lack of adapted legislation is leading to a loss of both investigative leads and the ability to effectively prosecute online criminal activity.
Commenting on the report, Steven Malone, Director of Security Product Management, Mimecast, said: “We welcome this comprehensive report that clearly highlights the meteoric rise of ransomware and social engineering attacks. Despite the educational efforts of security companies and government so far, it’s clear that organizations need more support and training fast.
“WannaCry was a wake-up for some but we’re still not seeing these new threats taken seriously enough by others. Only by working together in homes, schools, businesses and the wider community can we begin to build cyber resilience into all the services upon which we rely. There is a prime opportunity for critical national infrastructure organizations to lead the way forward with the forthcoming NIS Directive in 2018. This EU-wide legislation needs to be harnessed quickly to foster a new culture of security for citizens.”