The Daily Swig Web security digest

IOCTA 2017: Europol highlights growing threat to digital landscape

James Walker | 27 September 2017 at 12:00

Combating ransomware and payment fraud among organization’s top priorities.

Over the past 12 months, a “striking upsurge” in digital attacks utilizing ransomware, DDoS, and CNP fraud has underlined the growing challenges faced by individuals, businesses, and those organizations tasked with fighting cybercriminals, Europol has warned.

Presented during the annual Europol-Interpol Cybercrime Conference in The Hague earlier today, the 2017 Internet Organized Crime Threat Assessment (IOCTA) report provides a detailed overview of how cybercrime continues to grow and evolve around the world.

While many aspects of cybercrime are firmly established, other areas have witnessed “unprecedented” growth, the paper states. Ransomware, in particular, has now eclipsed most other global crime threats, with the first half of 2017 witnessing attacks on a scale previously unseen, as observed in the WannaCry and Petya cases.

“The extent of this threat becomes more apparent when considering attacks on critical infrastructure,” said Europol’s European Cybercrime Centre (EC3) in its discussion of the digital threat landscape.

“Previous reports have focused on worst-case scenarios, such as attacks on systems in power plants and heavy industry. However, it is clear that a greater variety of critical infrastructures are more vulnerable to ‘every-day’ cyber-attacks, highlighting the need for a coordinated EU law enforcement and cross-sector response to major attacks on critical infrastructure.”

According to EC3, card-not-present (CNP) fraud continues to impact heavily on the retail sector, while reports of card-present (CP) fraud have reached record numbers.

“This year’s report highlights how cybercrime continues to grow and evolve, taking new forms and directions, as demonstrated in some of the attacks of unprecedented scale of late 2017 and mid-2017,” said Rob Wainwright, executive director of Europol.

“It further highlights the progressive convergence of cyber and serious and organized crime, supported by a professional underground service economy.”

Despite the constant growth and evolution of cybercrime, EC3 said joint cross-border law enforcement actions against the key cyber threats have resulted in some “significant successes”, supported by effective prevention and disruption activities.

These success stories, however, will do little to allay the concerns of the tens of thousands of businesses and individuals who have, over recent months, found their digital assets compromised by hackers’ increasingly sophisticated – and hard to trace – methods.

Wainwright’s comments come a day after Meng Hongwei, president of Interpol, addressed delegates in Beijing during the organization’s general assembly. The Chinese law enforcement veteran outlined Interpol’s own challenges amid an increasingly complex digital landscape.

“170 million cybercrimes take place every year, causing an estimated loss of $445 billion, and yet only one case out of a thousand was cracked,” Meng said. “And still, all these are just the thin end of the wedge.”

Looking ahead, the Interpol chief said the organization would ramp up its efforts to combat cybercrime, and this would involve enhanced cooperation between countries, international organizations, and private entities.

“In 15 years most of the cars racing down the streets might not need a driver; in 20 years quantum computing may decipher all the passwords we know in a blink of an eye,” he stated. “These will change the lives we know, the world we know, and the crimes we know. Never before have we been so challenged.”