Ransomware has “eclipsed” most other global cybercrime threats over the past 12 months, with critical infrastructure (CNI) particularly vulnerable and urgent work needed to combat social engineering, according to Europol.
The regional police network claimed in its 2017 Internet Organised Crime Threat Assessment (IOCTA) that the first half of 2017 saw ransomware fired out on an unprecedented scale, with WannaCry and NotPetya indiscriminately infecting those with poor digital hygiene.
“The extent of this threat becomes more apparent when considering attacks on critical infrastructure. Previous reports have focused on worst-case scenarios, such as attacks on systems in power plants and heavy industry,” the report continued.
“However, it is clear that a greater variety of critical infrastructures are more vulnerable to ‘every-day’ cyber-attacks, highlighting the need for a coordinated EU law enforcement and cross-sector response to major cyber-attacks on critical infrastructure.”
These ‘everyday’ attacks include DDoS launched via booters/stressers; the most common, with over 20% of countries reporting incidents to law enforcement. Vulnerable IoT devices such as those compromised by Mirai have made life even easier for the attackers in this regard, the report argued.
Elsewhere, Europol warned that while law enforcement and industry action had helped to halt the spread of exploit kits, this has forced the black hats to lean more heavily on spam bots and social engineering to distribute threats.
“The success of such attacks is demonstrated by the trend of large-scale data breaches,” claimed Europol. “In a 12-month period, breaches relating to the disclosure of over two billion records were reported, all impacting EU citizens to some degree.”
Europol claimed CNI firms need to be “better educated, prepared and equipped to deal with these attacks”, using the GDPR and NIS Directive to improve baseline security. It added that law enforcement’s “prevention and awareness” strategies needed to adapt to the growth of social engineering as an "essential tactic".
Ilia Kolochenko, CEO of High-Tech Bridge, argued that ransomware will be around for at least another decade.
“Many organizations and individuals have abandoned machines they have not updated for years for various reasons, from overt negligence to complicated business processes and compliance. Worse, many large companies and governmental organizations don’t even have a comprehensive and up-to-date inventory of their digital assets, and are not even aware that such systems exist,” he added.
“Professional cyber-criminals also start leveraging recent vulnerabilities and advanced exploitation and encrypting techniques in their campaigns, making ransomware a headache even for companies with well-managed cybersecurity.”
Kirill Kasavchenko, principal security technologist at Arbor Networks, argued that botnets are the fuel that fires many large-scale cyber-attacks today.
“To stop criminals from seeing cybercrime as a lucrative source of income, there must be collaboration and intelligence sharing to ensure hackers are not able to hold organisations to ransom and disrupt critical industries,” he added.