Europol says the past 12 months have seen “unprecedented” cyberattacks in terms of scale, impact and rate of spread, with ransomware “eclipsing” most other forms of assault.
In its annual Internet Organised Crime Threat Assessment (IOCTA), Europol noted that attacks like Petya and WannaCry indiscriminately targeted public and private sector organisations, harming critical infrastructure and even harming lives.
The agency said ransomware, and other threats, served to demonstrate how poor “digital hygiene” and security practices had allowed threats to spread, and called on governments to devote more resources to targeting the developers of malware and attack tools, as well as awareness campaigns.
It also wants more cooperation, noting its success in taking down two Darknet markets and the dismantling of botnets.
“The global impact of huge cyber security events such as the WannaCry ransomware epidemic has taken the threat from cybercrime to another level,” said Rob Wainwright, Europol executive director.
“Banks and other major businesses are now targeted on a scale not seen before and, while Europol and its partners in policing and Industry have enjoyed success in disrupting major criminal syndicates operating online, the collective response is still not good enough. In particular people and companies everywhere must do more to better protect themselves.”
Besides ransomware, the most noteworthy threats cited by the report were IoT botnets, major data breaches, payment fraud and attacks on bank networks that can cause financial damage and be used to facilitate other kinds of crime.
It also reiterated the threat of the dark web’s role in the sale of drugs, firearms and child pornography, all of which affects physical security and safety.
“This report shows online crime is the new frontier of law enforcement,” said Julian King, EU commissioner for the security union. “We’ve all seen the impact of events like WannaCry: whether attacks are carried out for financial or political reasons, we need to improve our resilience and ensure cybercrime does not pay – last week the EU set out a package of concrete cybersecurity measures.”