According to Europol's 2019 report, the Internet Organized Crime Threat Assessment (IOCTA), ransomware remains the main threat from the cyber world. The concern regarding ransomware follows the trend pointed out in previous reports, as the IOCTA has placed ransomware as one of the top cyber threats since 2015.
And why is ransomware still topping the list? Europol explains: “as long as ransomware provides a relatively easy income for cybercriminals, and continues to cause significant damage and financial losses, it is likely to remain the top cybercrime threat”.
Ransomware is a type of malware that hijacks a machine's files or blocks the machine completely. It encrypts information, thus making it inaccessible to the user. Like a kidnapping, cybercriminals then ask for a financial ransom in order to provide the encryption key to release the device. Ransom payment is usually made in cryptocurrencies, such as Bitcoin and Monero. After all, the hacker's purpose is to not be tracked.
Europol's report points out the financial damage that ransomware can cause to companies. There are cases where attacks have cost companies over EUR 1 million to recover the hijacked data.
“While ransomware remains the top threat in this report, the overall volume of ransomware attacks has declined as attackers focus on fewer, but more profitable targets, and greater economic damage”, explains Europol.
The document also points to the trend of using ransomware against government agencies, especially in the United States. According to the IOCTA, the only US states that haven't been hit by ransomware attacks in recent years are Delaware and Kentucky. As Europol itself notes, it’s a worrying and alarming situation.
Top ransomware vectors
1. Targeted phishing emails or spear phishing
Targeted phishing, also known as spear phishing, is an evolution of common phishing. It's an attack that uses social engineering against specific targets. Therefore, spear phishing is often more effective and harmful, thus being one of the main vectors of ransomware.
“The trend in the use of social engineering and targeted phishing emails as a primary infection method continues from last year. Some reports highlight that as many as 65% of groups rely on spear-phishing as their primary infection vector”, says Europol's 2019 report.
2. RDP (Remote Desktop Protocol)
Another ransomware infection vector has to do with vulnerabilities in Remote Desktop Protocols (RDPs), i.e. systems that allow machines to be controlled remotely.
“The use of vulnerable RDPs also continues to grow. Attackers can either brute force access to a target’s RDP or often can buy access to the target network on a criminal forum. In this area, the importance of patching once again becomes apparent. In May 2019, for example, Microsoft published the security vulnerability CVE-2019-0708, named sometime later as BlueKeep.”
BEC (Business Email Compromise)
BEC is one of the cyber attacks that do the most financial damage to businesses, being treated as a priority by European agencies. According to the report, in recent years there has been a 136% increase in losses involving BEC, totaling more than USD 12 billion in losses worldwide.
“BEC exploits the way corporations do business, taking advantage of segregated corporate structures, and internal gaps in payment verification processes. Such attacks vary by the degree of technical tools used. Some attacks can only successfully employ social engineering, while others deploy technical measures such as malware and network intrusion. This variety in modi operandi also requires a variety in response”, says the agency.
Phishing and social engineering
Europol treats phishing in the report as a key threat. This is because phishing scams are very widespread and used for various purposes. The document points out that 32% of breaches involve phishing and that 48% of malicious files that travel through email are Office files.
“While the financial sector is, and always will be, a significant target for such attacks, industry reporting indicates that most phishing attacks are currently targeting Software-as-a-Service such as cloud services, and webmail.”
Other highlights from Europol's 2019 report
The illegal sale and acquisition of data and information, such as credit card and access credentials, continue to fuel cyber crime.
Insider threat and supply chain
Companies are increasingly concerned about insider threats, such as employees selling confidential information, and attacks that seek to infiltrate the company through partners, or the supply chain.
DDoS (Distributed Denial-of-Service attack)
Even though there's a decrease in the number of cases, DDoS attacks remain a significant problem for companies, as they have, besides their financial impact, a public impact.
Child sexual exploitation online
Unfortunately, according to Europol, there has been an increase in cases involving child sexual exploitation on the web, putting more pressure on the law to be enforced.
Terrorist groups continue to expand and have diversified to spread and reach more people.
GDPR (General Data Protection Regulation)
Turning one year old, GDPR has a positive impact on the market by making companies worry about data protection and better handle third parties' information. Nevertheless, it'll still take more time to better assess the actual impact of the law.