Aggressive, confrontational and complex, cybercrime today is much more hostile than it has ever been, according to a new report from Europol.
Previously, it was the case that some cybercriminals displayed a “passive, persuasive nature”, while others preferred to surreptitiously carry out their activities. Confrontation was less evident.
Not anymore says the European Union’s law enforcement in its latest Internet Organised Crime Threat Assessment (IOCTA), which as been released to coincide with European Cyber Security Month (ECSM) and the National Cyer Security Awareness Month (NCSAM).
"The aggressive, confrontational approach of putting blunt pressure on individuals and businesses bears the signature of organized crime."
The heightened level of belligerence is also indicative of the current trend towards more interaction between cybercriminals and their victims, especially when it comes to extortion.
This is also leading to a change in the consequences of such attacks, with the psychological impact of cybercrime far greater.
The authors said: “Whilst the cautious, stealthy approach goes with the stereotype of the uncertain, geeky hacker, the aggressive, confrontational approach of putting blunt pressure on individuals and businesses bears the signature of organized crime.”
Here are three of the other key findings of the paper:
1. Malware remains as threatening as it has ever been
Ever since the first example of malicious software was detected – the Pakistani Brain virus in 1986 – there has been at least one significant incident of malware every year.
Presently, ransomware is considered as the greatest threat, with reported instances of it markedly higher than other types of malware (such as remote access tools).
The one to watch out for is Cryptolocker, which is identified by ECSM partner ESET as Win32/Filecoder. Not only is it a high-volume, high-impact type of malware, it is also one of the most rapidly expanding.
2. Payment fraud on the rise as online banking takes off
Thanks to better technology, online banking has really taken off over the last few years. While it has made managing finances easier for consumers, it has also increased their exposure to new types of fraud.
The report notes that this has “encouraged” cybercriminals to raise their game, as they seek to outdo security professionals. It is a constant battle, one that is so far proving to be to the benefit of attackers.
As to the main threat, skimming has been highlighted as one to watch out for. The authors comment: “Skimmers continue to refine their tools with notable developments in miniaturization and concealment techniques.”
3. The Internet of Everything is a big concern for law enforcement
Lauded as the next big thing, the Internet of Everything (IoT) nevertheless has many in the security industry concerned, with Europol citing it as a “major challenge” for law enforcement.
More than big data and the cloud, the IoT is seen as being particularly troubling for the fact that it is making more things connected and automated (through the world wide web).
“Considering our increasing dependency on connected and smart devices, emerging and future attack scenarios may encompass physical or mental harm, either intentionally or unintentionally,” the study documents.
“Possible scenarios range from hacked smart cars and hacked medical devices to hacked weaponised drones.”
Hard work, collaboration and innovation is required
While the report indicates that there is a lot to be concerned about, a collaborative, multi-agency and multi-sector approach will go a long way in reducing the damage done by cybercriminals.
This is in itself challenging, Europol states, as investigations tend to be complex, the work is labor-intensive and costly and there are not enough specialist security professionals.
And that is just the tip of the iceberg. However, given that the threat is international in scope and severe, there is a necessity to act. As Rob Wainwright, director of Europol notes in the foreword, active cybersecurity initiatives, when done well, have a decisive impact:
“The last 12 months have shown some remarkable successes by EU law enforcement in the fight against cybercrime, and I look forward to celebrating further successes as we move towards 2016 with law enforcement continuing to push the boundaries of traditional policing with our partners in the EU and beyond.”