Europol has published its 2019 Internet Organized Crime Threat Assessment (IOCTA), an annual presentation of the cybercrime threat landscape, highlighting the key developments, threats and trends, as seen by law enforcement authorities across Europe.
Ransomware remains the top threat in this year’s IOCTA. While there has been a decline in the overall volume of ransomware attacks, those that do occur are more targeted, more profitable and cause greater economic damage. In this area, ransomware used to deny an organization access to its own data is the primary threat. There is growing concern following the increase of destructive ransomware, such as the Germanwiper attacks of 2019. GermanWiper surfaced during the summer as a new type of ransomware which rather than encrypting the victim’s files, rewrites the content resulting in the permanent destruction of the victim’s data.
A clear and growing concern for Europol’s private sector partners was attacks directed at them through the supply chain, i.e. the use of compromised third parties as a means to infiltrate their network. Often this will be suppliers of third-party software or hardware, but also other business services. These risks are also at play when a larger company acquires a smaller company which may have lower cybersecurity maturity. Europol says industry reporting indicates that supply chain attacks increased by 78 % in 2018. Such attacks are becoming more complex, with compromised fourth or even fifth party suppliers exploited in multi-tier supply chain attacks.
The report noted that law enforcement across Europe has become involved in a much wider variety of investigations into attacks on critical infrastructures, including attacks on the energy, transport, water supply, and health sectors. The most likely potential perpetrators include nation states as well as script kiddies (largely unskilled individuals who use existing codes to hack into systems).
The IOCTA also warns about the terrorist role in cyber crime. Europol says the wide array of online service providers (OSPs) exploited by terrorist groups presents a significant challenge for disruption efforts adding that terrorist attacks can rapidly turn viral before OSPs and law enforcement can respond.
The March 15 2019 rightwing extremism motivated terrorist attack on two mosques in Christchurch, New Zealand, uncovered unprecedented elements in the exploitation of the internet for terrorist purposes. The attack’s recorded livestreaming video and the gunman’s manifesto rapidly went viral and gained digital depth, highlighting new challenges in the fight against terrorist content online.
The report calls for cross-platform collaboration and a multistakeholder crisis response protocol on terrorist content online which it says would be essential to crisis management in the aftermath of a terrorist attack. In addition, a better understanding of new and emerging technologies is a priority for law enforcement practitioners. And Europol says upcoming policy debates and legislative developments should take into account the features of these technologies in order to devise an effective strategy to prevent further abuse.
Other areas highlighted in the report include DDoS attacks, the fragmentation of the Darknet, blockchain marketplaces, exploitation, and business email compromise.