Internet threat assessments

CERT-LatestNews KasperskyNews ThreatsCybercrime ThreatsEconomic ThreatsStrategic

The past 12 months have seen a number of unprecedented cyber-attacks in terms of their global scale, impact and rate of spread, according to the European Union’s policing agency Europol.

The 2017 Internet Organised Crime Threat Assessment (IOCTA) assesses developments, changes and emerging threats in cybercrime. Ransomware is the top threat facing computer users, with high-profile attacks such as ‘WannaCry’ that reached millions of devices. Some attacks have targeted and affected critical national infrastructures at levels that could endanger lives. These attacks have highlighted how connectivity, poor digital hygiene standards and security practices can allow such a threat to quickly spread, says Europol.

Last year did see some operational successes, for example the takedown of two of the largest Darknet markets, AlphaBay and Hansa, the dismantling of the Avalanche network, and two Global Airport Action Days targeting those travelling on fraudulently-purchased airline tickets.

The IOCTA was presented during the annual Europol-INTERPOL Cybercrime Conference, in late September in The Hague. To read the 80-page IOCTA visit https://www.europol.europa.eu/iocta/2017/index.html.

Comments

Julian King, EU Commissioner for the security union, said: “This report shows online crime is the new frontier of law enforcement. We’ve all seen the impact of events like WannaCry: whether attacks are carried out for financial or political reasons, we need to improve our resilience and ensure cybercrime does not pay – last week the EU set out a package of concrete cybersecurity measures.”

Europol’s Executive Director Rob Wainwright: “The global impact of huge cyber security events such as the WannaCry ransomware epidemic has taken the threat from cybercrime to another level. Banks and other major businesses are now targeted on a scale not seen before and, while Europol and its partners in policing and Industry have enjoyed success in disrupting major criminal syndicates operating online, the collective response is still not good enough. In particular people and companies everywhere must do more to better protect themselves.”

Brian Robison, senior director of security technology at Cylance, said: “Ransomware is exploding – because it works! People pay to get their data back. Cybercriminals know this and exploit it. Companies are not the only targets, although with deeper pockets, organisations pay millions of dollars to regain control of their systems. On the consumer side, we are seeing new types of ransoms being requested. A recent ransomware campaign hit the world where the ransom was not to be paid in the normal method of cryptocurrency like BitCoin; instead the victim had to send a number of nude photos of themselves to be verified by the attackers to get their files back.

“While businesses and organisations should have measures in place for data redundancy and backup – home users often don’t take these measures or simply have one single backup. Often in cases like this, the user will end up paying to get their precious family photos and memories back.

“Think about your data, think about where it is, think about what it is, back it up – not only in one place; but keep it fluid and moving. Look at long time storage of your most critical data whether it be your priceless family photos or your new patent pending secret formula to make billions; data is data and if it can be stolen or held for ransom it will!

“Ransomware is not going away – it works! When a method works and in a lot of cases works well, it will continue to be used and its use will grow. Ransomware is getting easier to obtain, weaponize and capitalize. It’s an epidemic and it needs a vaccine!”

Separately, the IT security firm Kaspersky brought out a report “Threat Landscape for Industrial Automation Systems in H1 2017”. Evgeny Goncharov, Head of Critical Infrastructure Defense Department at Kaspersky Lab said: “In the first half of the year we’ve seen how weakly protected industrial systems are: pretty much all of the affected industrial computers were infected accidentally and as the result of attacks targeted initially at home users and corporate networks. In this sense, the WannaCry and ExPetr destructive ransomware attacks proved indicative, leading to the disruption of enterprise production cycles around the world, as well as logistical failures, and forced downtime in the work of medical institutions. The results of such attacks can provoke intruders into further actions. Since we are already late with preventive measures, companies should think about proactive protective measures now to avoid ‘firefighting’ in future.”

For that report visit Securelist.com. Download at https://ics-cert.kaspersky.com/reports/2017/09/28/threat-landscape-for-industrial-automation-systems-in-h1-2017/.

http://www.professionalsecurity.co.uk/news/interviews/internet-threat-assessment/