The WannaCry “epidemic” that steamrolled business computers in May, followed by NotPetya in June, has seen ransomware eclipse most other cyber-threats, Europol said today.
The Hague-based agency, which supports EU law enforcement authorities, released its 2017 Internet Organized Crime threat Assessment today, urging people and companies to raise their defenses against cybercrime.
"The global impact of huge cyber security events such as the WannaCry ransomware epidemic has taken the threat from cybercrime to another level,” said Europol’s executive director Rob Wainwright.
“Banks and other major businesses are now targeted on a scale not seen before,” he added.
WannaCry affected over 300,000 computers in 150 countries, followed by late June’s NotPetya attack that affected 20,000 computers in 60 countries. Though NotPetya was smaller in scale, it cost $300m a piece in lost revenues for both shipping giant Maersk and FedEx’s European business TNT Express.
The report offers an overview of the changing mix of cyber threats based on what victims are reporting to EU law enforcement agencies and hence what’s counted. The report is available here.
Reports of ransomware now significantly outnumber those about information stealing malware and banking trojans, which have declined over the past year.
Distributed denial of service (DDoS) attacks against critical infrastructure providers were the most commonly reported to law enforcement agencies in the EU. However, DDoS only had “a moderate, short-lived impact” despite agencies reporting an increase in the volume of attacks.
The second most commonly reported attack against critical infrastructure organizations were from suspected advanced persistent threat, or state-sponsored, actors. Quite opposite to DDoS, Europol notes that incidents that are reported are almost always “high impact attacks” and are becoming more prevalent over time. Key targets included organizations in the financial sector and government agencies.
Another big area of cybercrime was business email compromise, or highly targeted phishing, which was the most common social engineering scam reported in the EU. Half of the EU’s 28 Member States reported cases, and two thirds noted a rise in this threat. Most victims were small to medium sized businesses.
Europol notes some successes by industry and law enforcement over the past two years in combatting specific threats. This includes Cisco and GoDaddy's work to take down the Neutrino exploit kit, and a general decline in exploit kit activity for distributing malware by attacking browser flaws when users visited websites. But malware, such as the Dridex banking trojan and Locky ransomware, have since switched to spam for distribution and social engineering for infections. Europol also counts the takedowns of the AlphaBay and Hansa dark web markets as key achievements.
“While Europol and its partners in policing and Industry have enjoyed success in disrupting major criminal syndicates operating online, the collective response is still not good enough. In particular people and companies everywhere must do more to better protect themselves,” said Wainright.
Other major threats included botnets powered by hijacked IoT devices, such as Mirai, and data breaches, which exposed 2 billion records concerning EU citizens in the past 12 months.
Europol sees the dark web as a key “enabler” for a range of crimes, from supplying new synthetic opiates, to firearms, stolen payment data, and fraudulent documents to facilitate human trafficking.