Have you been wondering which today’s most prevalent cybercrime threats are? Europol has just released a vast, 72-page report called the Internet Organized Crime Threat Assessment which gives quite a detailed answer.
According to Europol, the malware market has entirely embraced the CaaS model which literally helps cybercrime evolve by providing tech support.
“The mature Crime-as-a-Service model underpinning cybercrime continues to provide tools and services across the entire spectrum of cyber criminality, from entry-level to top-tier players, and any other seekers, including parties with other motivations such as terrorists”, the report says.
Ransomware and Banking Trojans
Ransomware such as the recently revived Locky is the most damaging and feared threat today.
Encrypting the victim’s files and demanding a ransom in Bitcoin, ransomware protection shouldn’t be neglected. Banking Trojans have also been quite popular, especially during the 2016 Rio Olympics when researchers detected multiple campaigns.
Nonetheless, the report notes that while bankers are not new to the malware market and are mostly deployed when major global events happen, ransomware is a relatively new threat and is indeed a greater flux. Ransomware needs several more years to reach the same level.
The proportion of card fraud attributed to card-not-present (CNP) transactions continues to grow, with e-commerce, airline tickets, car rentals and accommodation representing the industries hit hardest. The first indications that organised crime groups (OCGs) are starting to manipulate or compromise payments involving contactless (NFC) cards have also been seen.
DDoS is continuing to grow in both intensity and complexity – for one, many campaigns are mixing network and application layer attacks. Furthermore, booters/stressers4 are readily available as-a-service, accounting for an increasing number of DDoS attacks, the report says.
Social Engineering Attacks
Because malware development and distribution can be quite the challenging task, more attackers are now relying on social engineering schemes. Social engineering is indeed simpler and is as effective as technical exploitation.
In the period between October 2013 and August 2015, BEC scams alone have caused US companies losses in the amount of $750 million dollars, leaving more than 7,000 victims in despair. Another report indicates that cybercriminals have gained approximately $50 million dollars from victims worldwide.