Avez-vous été demandez que la plupart des menaces de la cybercriminalité répandue d'aujourd'hui sont? Europol vient de publier un vaste, 72-page report called the Internet Organized Crime Threat Assessment which gives quite a detailed answer.
Selon Europol, the malware market has entirely embraced the CaaS model which literally helps cybercrime evolve by providing tech support.
“The mature Crime-as-a-Service model underpinning cybercrime continues to provide tools and services across the entire spectrum of cyber criminality, from entry-level to top-tier players, and any other seekers, including parties with other motivations such as terrorists”, le rapport.
Ransomware and Banking Trojans
Ransomware such as the recently revived Locky is the most damaging and feared threat today.
Encrypting the victim’s files and demanding a ransom in Bitcoin, ransomware protection shouldn’t be neglected. Banking Trojans have also been quite popular, especially during the 2016 Rio Olympics when researchers detected multiple campaigns.
Cependant, the report notes that while bankers are not new to the malware market and are mostly deployed when major global events happen, ransomware is a relatively new threat and is indeed a greater flux. Ransomware needs several more years to reach the same level.
The proportion of card fraud attributed to card-not-present (CNP) transactions continues to grow, with e-commerce, airline tickets, car rentals and accommodation representing the industries hit hardest. The first indications that organised crime groups (OCGs) are starting to manipulate or compromise payments involving contactless (NFC) cards have also been seen.
DDoS is continuing to grow in both intensity and complexity – for one, many campaigns are mixing network and application layer attacks. En outre, booters/stressers4 are readily available as-a-service, accounting for an increasing number of DDoS attacks, le rapport.
Social Engineering Attacks
Because malware development and distribution can be quite the challenging task, more attackers are now relying on social engineering schemes. Social engineering is indeed simpler and is as effective as technical exploitation.
Dans la période entre Octobre 2013 et Août 2015, BEC scams alone have caused US companies losses in the amount of $750 million de dollars, laissant plus de 7,000 victimes dans le désespoir. Un autre rapport indique que les cybercriminels ont gagné environ $50 million de dollars de victimes dans le monde entier.