Europol says ransomware is getting smarter

Europol has highlighted the varied ways that cybercriminals target victims in the latest edition of its annual threat report.

Among the key findings are that ransomware and malware is still one of the biggest threats, with cyber-attacks becoming increasingly stealthy and much harder to detect. There’s also a trend from opportunistic attacks to targeted actions against specific individuals or companies considered to be vulnerable to financial extortion.

Fileless malware in particular is becoming more common, along with distributed denial of service (DDoS) attacks, and it is getting easier for unskilled individuals to learn how to launch significant attacks. There’s also signs that criminals may increasingly turn to mobile malware as consumers shift to mobile banking services.

Europe’s GDPR legislation requires breaches to be reported within 72 hours, to try to limit criminals’ opportunity to extort breached organisations for ransom. It seems hacked companies may prefer to pay a smaller ransom to a hacker for non-disclosure however, than face the heavy fines that may be imposed on them by authorities.

Europol notes that network intrusions are generally motivated by the need for illegal acquisition of data, for a variety of purposes that include payment fraud and phishing.

Criminals will continue to abuse cryptocurrencies, and cyber-attacks which historically targeted traditional financial instruments are now targeting businesses and users, says Europol.

Cryptojacking is an emerging cybercrime trend, referring to the exploitation of internet users’ bandwidth and processing power to mine cryptocurrencies. While it is not illegal in some cases, it nonetheless creates additional revenue streams and therefore motivation for attackers to hack legitimate websites to exploit their visitor systems. Actual cryptomining malware works to the same effect, but can cripple a victim's system by monopolising their processing power.

The Darknet will continue to facilitate online criminal markets, where criminals sell illicit products in order to engage in other criminal activity or avoid surface net traceability. In 2017, law enforcement agencies shut down three of the largest Darknet markets: AlphaBay, Hansa and RAMP. These takedowns prompted the migration of users towards existing or newly-established markets, or to other platforms entirely, such as encrypted communications apps.

Finally, payment card fraud is still a common threat as instant payments from cards can reduce detection and intervention opportunities by banks. This may lead to a higher rate of telecommunications fraud, which is an old but still growing trend involving non-cash payments.

The fifth annual Internet Organised Crime Threat Assessment (IOCTA) on the emerging threats and key developments in cybercrime over the last year was released at the INTERPOL-Europol Cybercrime Conference in Singapore.